Skip to content
Grav 2.0 is officially stable. Read the announcement →
Support

Has the core and themes been tested for XSS attacks?

Started by Vikas 9 years ago · 4 replies · 709 views
9 years ago

My client's wordpress website was recently hit hard by an XSS attack. Since I am not doing a lot of maintenance these days, I would like to move to grav. I was just wondering if grav is XSS safe and what kind of penetration testing has been done on it?

9 years ago

@vikas:
XSS

what is a XSS attack, iam still new to this

9 years ago

We've had a few XSS issues reported over the past couple of years, and those have all been promptly fixed. To be honest, most XSS issues reported have required a valid admin login, which really means the user already has complete access to the content anyway, so the XSS vector was not really a realistic vulnerability.

👍 1
9 years ago

@rhuk:
We’ve had a few XSS issues reported over the past couple of years, and those have all been promptly fixed.

Cheers for the quick reply Andy. I came across this in the meantime. Looking forward to working with Grav.

Suggested topics

Topic Participants Replies Views Activity
Support · by BenLaKnet, 5 days ago
1 120 2 days ago
Support · by BenLaKnet, 1 week ago
5 194 2 days ago
Support · by kskt, 2 days ago
0 44 2 days ago
Support · by David Meissner, 3 days ago
0 43 3 days ago
Support · by David Meissner, 3 days ago
3 92 3 days ago