My client's wordpress website was recently hit hard by an XSS attack. Since I am not doing a lot of maintenance these days, I would like to move to grav. I was just wondering if grav is XSS safe and what kind of penetration testing has been done on it?
Support
@vikas:
XSS
what is a XSS attack, iam still new to this
This link should give you a bit of an overview: https://en.wikipedia.org/wiki/Cross-site_scripting
We've had a few XSS issues reported over the past couple of years, and those have all been promptly fixed. To be honest, most XSS issues reported have required a valid admin login, which really means the user already has complete access to the content anyway, so the XSS vector was not really a realistic vulnerability.
@rhuk:
We’ve had a few XSS issues reported over the past couple of years, and those have all been promptly fixed.
Cheers for the quick reply Andy. I came across this in the meantime. Looking forward to working with Grav.
Log in to reply.
Suggested topics
| Topic | Participants | Replies | Views | Activity |
|---|---|---|---|---|
| 1 | 120 | 2 days ago | ||
| 5 | 194 | 2 days ago | ||
| 0 | 44 | 2 days ago | ||
| 0 | 43 | 3 days ago | ||
| 3 | 92 | 3 days ago |