Bugtraq: Typepad cross-site scripting vulnerability. Hat tip: Jean-Luc.
Ah, unintended consequences: I hadn’t noticed it, but I’m getting the URL put in a title attribute (part of the redirect thing, even though I don’t redirect comment links), which makes my comment validator barf on a “duplicate specification of the foo attribute” and refuse the comment. But, well, that ain’t just a Typepad vuln.
And, since they only had to fix it in one place for TypePad, of course it’s fixed there. The second sentence is left as an exercise for the reader.