full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] StumbleUpon XSS (fixed)

[Full-disclosure] StumbleUpon XSS (fixed)

From: Berend-Jan Wever <berendjanwever_at_nospam>
Date: Tue Aug 12 2008 - 12:03:47 GMT
To: full-disclosure@lists.grok.org.uk

Hi all,

I found an XSS issue in StumbleUpon, which has been fixed. If you're interested in what the problem was, look here: http://skypher.com/

What I found most interesting about this case is that there were only 40 minutes between the acknowledgement of receipt of my email about the issue and their fix being online. In my experience that is really, really fast!



Berend-Jan Wever <berendjanwever_at_gmail.com> http://skypher.com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/