09 Mar

Developer Security Advisory: Smackcoders

Recently four of Smackcoders plugins were to found by Rahul Pratap Singh to have reflective cross-site scripting (XSS) vulnerabilities. This type of vulnerability is not something we really see being exploited, probably due in large part due to the fact that all of the major web browsers other than Firefox have filtering that should prevent it from being successful in most cases. But the presence of it does indicate that the developer is not too concerned about security as properly handling user input data is really a basic piece of programming in a secure fashion.

Also of concern was how long it took the developer to respond after the issues were discovered. Here are the timelines given by discoverer of the vulnerabilities for how long it took for the the vulnerabilities to be fixed [Read more]