 |
 |
On Fri, Dec 16, 2011 at 21:42, Eric Hellman <[log in to unmask]> wrote: > > You'll be happy to know that as bad as things are, they've improved considerably! I showed several ILS vendors how I could insert arbitrary javascripts into their products. Some of them fixed their products in the next update cycle, some took a couple of years. One particularly nasty vulnerability I am unable to talk about, it was so nasty and close to home. But the general problem persists. Perhaps an outing process would be useful. > Leaks4Lib? +1 -Mike