still not patched: jan 25 2014
self persistent xss
severity: low
Archives: January 2014
Persistent XSS on avast.com
I filed a security report on 16 September 2013 and received Avast's first reply on 17 September 2013.
I never received any updates about the vulnerability. I decided to check it today and found out that it is now patched. Just sent them another email; I'll wait and see what will happen next.
WordPress 3.6 vulnerabilities [Video]
A collection of some of the vulns in WP 3.6
(http://www.anakornk.com/?p=20)
Facebook Photo.php Set Parameter Bug
I mentioned it earlier here.
Here is a recorded video of it.
9gag.com – Account Take Over Vulnerability via Change Email XSRF
I posted a persistent XSS located in the first name field of the 9gag users’ a few years back during 2012. Simply edit the HTML of maxchar to bypass the char limit and insert in attacking vectors.
Somehow the XSS was patched in late 2013.
However, the xsrf still works. If anyone can find an xss vulnerability then they could use that with xsrf to take over a user account by changing the main email.