I'm sorry about your getting hit and if you want to send me direct mail, I'll see that it gets to the right people. I'll also make sure to check out the situation with that list because it should not be blocking non-subscribers. As a side note, it might be irresponsable of me but I don't personally think most security issues warrant as much secrecy as the sec community proscribe although it's always important to keep PoC scripts out of the hands of people who might try running them. Thanks, Caleb On 12/04/2012 10:21 PM, Jan-Philip Loos wrote:
Hello,
tonight some XWikis Sites were attacked with XSS. One of this sites is our own, which runs 4.2.
A wrote the details to [email protected] mailing list, but it's rejected by [email protected]. According to http://dev.xwiki.org/xwiki/bin/view/Community/MailingLists : "However, anyone can write to these lists to report issues (no subscription needed)." I think I misinterpreted it.
How can I post the details on this attack to a non public space?
Greetings
Jan-Philip Loos
-- View this message in context: http://xwiki.475771.n2.nabble.com/XSS-Security-Hole-how-to-post-to-security-... Sent from the XWiki- Users mailing list archive at Nabble.com. _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users