Antti-Juhani Kaijanaho

en/programming/blosxom-comments-vulnerability.txt

2004-06-25

[SECURITY] Blosxom comments plugin cross-site scripting vulnerability [patch]

I only recently found out about the now weeks-old cross-site scripting vulnerability in Blosxom writeback plugin. Since the comments plugin, which I use, is based on the writeback plugin, it was logical to assume that it would also be vulnerable, and it is.

I adapted KyleM.xwell's patch for comments; here is the adapted patch. It works for me, but as always, there is no warranty, not even the implied warranty that the patch patches the vulnerability.

Update: Note that the patch only filters new comments; you need to manually check your existing comment base.

14:48 - /en/programming - 2 comments

Haku / Search

Advanced Search

Sections / Osiot

Everything / Kaikki

• en (149)
• en::debian (47)
• en::debian::x-ann (8)
• en::fun (15)
• en::judicial (4)
• en::judicial::finland (4)
• en::meta (3)
• en::politics (8)
• en::programming (17)
• en::research (1)
• en::research::refs (1)
• en::reviews (4)
• en::stuff (49)
• fi (332)
• fi::diary (236)
• fi::henkkoht (2)
• fi::laki-ja-oikeus (2)
• fi::luentoja (2)
• fi::luentoja::logiikka (2)
• fi::meta (12)
• fi::metafiktio (1)
• fi::niitanaita (3)
• fi::pohdintaa (1)
• fi::politiikka (44)
• fi::quotes (1)
• fi::testit (28)

Palaute / Feedback

antti-juhani@kaijanaho.info

Chrono

• 2005 (98)
  • November (14)
  • October (12)
  • September (6)
  • August (5)
  • July (6)
  • June (9)
  • May (10)
  • April (4)
  • March (11)
  • February (10)
  • January (11)
• 2004 (384)
  • December (8)
  • November (12)
  • October (16)
  • September (32)
  • August (33)
  • July (36)
  • June (47)
  • May (42)
  • April (32)
  • March (38)
  • February (41)
  • January (47)

Noteworthy

• Aloitusmaisema
• Karin loki
• Planet Debian
• Wil Wheaton

---

HTML	All	This
RSS	All	This

---

---