By the way, whoever decided it would be fun to reply by checking the gluejar website for XSS vulnerabilities, by all means, tell everyone about it!
Eric
On Dec 16, 2011, at 10:14 PM, Michael J. Giarlo wrote:
> On Fri, Dec 16, 2011 at 21:42, Eric Hellman wrote:
>>
>> You'll be happy to know that as bad as things are, they've improved considerably! I showed several ILS vendors how I could insert arbitrary javascripts into their products. Some of them fixed their products in the next update cycle, some took a couple of years. One particularly nasty vulnerability I am unable to talk about, it was so nasty and close to home. But the general problem persists. Perhaps an outing process would be useful.
>>
>
> Leaks4Lib? +1
>
> -Mike