Xss from URL...

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.

Posted by ingo86 on October 22, 2008 at 10:17pm

Hi all,
The scanner is tested to find XSS vulnerabilities inside a drupal installation. These could be found only searching into the forms of the website. There's no way right now to add an exploit as a parameter of the url of the page.
Something like
http://www.example.com/?q=<script>alert(xss);</script>
This is something I wanna add as new feature, but make it automatic is not so trivial.
Suggestions?

Security

You must register or login in order to post into this group.

Group organizers

New groups

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

All posts:
- Feed
- Page

Hot content this week

Sites using Thunder

7 years 10 weeks ago
Drupal Libraries

15 years 39 weeks ago
Media sites using Drupal

16 years 41 weeks ago
Current advice for developing a newspaper or magazine site with Drupal

6 years 11 weeks ago