[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 29 Jun 2011 13:40:29 +1200
Christian Sciberras wrote:
> Rather than that, I'd say the dev team is out of sync with the security
> team..
Assuming that that may be a reasonable one-sentence encapsulation of
how Joomla development is organized...
The fact such a sentence can be meaningfully utterred tells us there
are major problems _inherent_ in Joomla.
The kind of problems that scream "Why would anyone in their right mind
use it?"
Oh, wait -- it's written in PHP, right...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/