Global Security Watch: BUG: XSS Security flaw in BaseCamp Messages

Global Security Watch > BUG: XSS Security flaw in BaseCamp Messages

[Untitled] BaseCamp lets users include HTML and JavaScript in messages, on the basis that anyone with a BaseCamp account is a trusted party. I’m not convinced: you could use this to circumvent .

Some related posts from Technorati and Google.

[Comments on Simon Willison's Weblog] Topbit on BUG: XSS Security flaw in BaseCamp Messages: It's been ...: Topbit on BUG: XSS Security flaw in BaseCamp Messages:. It's been that way for years - I posted an example to their forums that did a Javascript pop-up alert - literally, three years ago.

Reflected tags on Technorati: Blog, Security, Global Security Watch

Global Security Watch > BUG: XSS Security flaw in BaseCamp Messages

Global Security Watch

Blogging about the triangle of Privacy, Encryption and Security