Artificial truth

The more you see, the less you believe.


My first CVE
Thu 03 April 2014

It seems that someone requested a CVE for the batch of XSS I found in Shaarli 6 months ago. Since the software is not really maintained, nor widely used, a CVE for this seems weird. Anyway, CVE-2013-7351 was assigned; time to party in honour of my first CVE \o/

Bonus: json_encode has never been an XSS mitigation ;)
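
Why json_encode() does not work as output encoding for HTML, shown as an added example (not Shaarli's code and not part of the original post). The helper names and the sample input are constructed for illustration, and the example assumes the value is written into an HTML page, which the post does not detail.

```php
<?php
// Constructed sample input: a harmless tag standing in for untrusted text.
$untrusted = '"><b>injected</b> & \'quoted\'';

// Weak: default json_encode() yields a valid JSON string literal, but it
// leaves < > & ' untouched, so an HTML parser still sees markup.
function encode_weak(string $v): string
{
    return (string) json_encode($v);
}

// HTML body or attribute context: HTML-encode the value.
function encode_for_html(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inline <script> context: JSON with the HEX flags, so no HTML-significant
// character reaches the HTML parser unescaped.
function encode_for_script(string $v): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return (string) json_encode($v, $flags);
}

// True when characters the HTML parser treats as tag delimiters survive.
function has_raw_markup(string $encoded): bool
{
    return strpbrk($encoded, '<>') !== false;
}

$cases = [
    'json_encode (default)'   => encode_weak($untrusted),
    'htmlspecialchars'        => encode_for_html($untrusted),
    'json_encode + HEX flags' => encode_for_script($untrusted),
];

foreach ($cases as $label => $encoded) {
    $state = has_raw_markup($encoded) ? 'RAW MARKUP' : 'escaped';
    printf("%-24s %-11s %s\n", $label, $state, $encoded);
}
```

The encoder has to match the output context: htmlspecialchars() for HTML body and attributes, json_encode() with the HEX flags only for values placed inside a script block.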