Re: XMB cross-scripting vulnerability

[Joe <joe () STCS-Net com>]

In-Reply-To: <.iD6VJLPQh16WL2 () aport2000 ru>

Actually, the subject message WAS accurate insome respects, however, it is NOT true at this 
point. In February, there was a pre-beta version being used on the XMB support forum, and that 
version DID indeed have the javascript security flaw. When several people, including, I suspect, 
the poster of the original message repeatedly used that exploit to showthe vulnerabilty, the 
current developers of version1.6 made theneeded cahnges, and the hole no longer exists.

Version1.6 is now in a final beta, and that security hole, along with another that we beta testers 
found, has been closed.

  
Joe McManus, XMB 1.6 Beta Tester.