Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Drupal all versiyon xss cehennem.org
From: security () drupal org
Date: 3 Jan 2006 21:43:49 -0000
I have inspected the latest XSS filter mechanism of Drupal which is included in 4.5.6 and 4.6.4 versions and onward and 
both the decimal and the hexadecimal version is escaped when choosing the  "Filtered HTML" format. The "Full HTML" 
format, as its name implies, does not filter HTML and its documented to be so.

I am not aware of any contact attempts w/ the security team before mailing this report to the list.

Regards

Karoly Negyesi
Security team coordinator

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]