Sure – XSS Vulnerability

XSS Vulnerability Warning

I haven’t got too much of a clue what this all means, but some of the MediaWiki Extensions (here, here, and here) that I have pointed to in recent posts now have a warning on them. So if you have your wiki wide open (where anyone can edit), you are apparently vulnerable to this type of attack. The UMW New Media Wiki is locked down so that only “sysops” can edit pages. I’ve been in contact with Jim Wilson, and he clearly knows way more about this stuff than I do. He has his own YouTube Extension that I have not tested, yet.

Share on facebook
Facebook
Share on twitter
Twitter

One thought on “Sure – XSS Vulnerability

  1. Hi Andy,

    Thanks for the XSS props – I’ll be happy to answer any questions you may have.

    Regarding my YouTube Extension, I now have a much better extension for embedding video: EmbedVideo

    http://jimbojw.com/wiki/index.php?title=EmbedVideo_Extension

    In addition to YouTube, it also supports: FunnyOrDie, Google Video, Dailymotion, sevenload and Revver. Also, while YouTubeTag is an extension tag, EmbedVideo is a parser function – meaning it can be used in conjunction with Templates for greater flexibility.

    Enjoy! (Great blog by the way.)

    — Jim R. Wilson (jimbojw)

Comments are closed.

css.php