My client's wordpress website was recently hit hard by an XSS attack. Since I am not doing a lot of maintenance these days, I would like to move to grav. I was just wondering if grav is XSS safe and what kind of penetration testing has been done on it?
Community guidelines
Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.
Support
@vikas:
XSS
what is a XSS attack, iam still new to this
This link should give you a bit of an overview: https://en.wikipedia.org/wiki/Cross-site_scripting
We've had a few XSS issues reported over the past couple of years, and those have all been promptly fixed. To be honest, most XSS issues reported have required a valid admin login, which really means the user already has complete access to the content anyway, so the XSS vector was not really a realistic vulnerability.
@rhuk:
We’ve had a few XSS issues reported over the past couple of years, and those have all been promptly fixed.
Cheers for the quick reply Andy. I came across this in the meantime. Looking forward to working with Grav.
Log in to reply.
Suggested topics
| Topic | Participants | Replies | Views | Activity |
|---|---|---|---|---|
| 2 | 53 | 10 hours ago | ||
| 2 | 60 | 13 hours ago | ||
| 1 | 30 | 14 hours ago | ||
| 2 | 65 | 5 days ago | ||
| 2 | 56 | 5 days ago |