Hi All,
I was wondering if someone has seen this:
http://bl0g.yehg.net/2012/04/fastpath-webchat-multiple-cross-site.html
If someone could jump on it - we will all be grateful.
Regards,
Kalin
Considering the trust relationship between a webchat client and the associated Openfire server, I am curious to understand how the script injection is introduced by a third party.
Any further detail will be appreciated, especially on exactly how the script injection is done.
Anyone could modify the source code and implement the changes suggested at http://en.wikipedia.org/wiki/Cross-site_scripting, but it still does not stop a hacker from changing the code and putting a malicious version on an untrusted web site.
Anyone using webchat should be checking the data stored on their database and removing spam and unwanted content, including embedded malicious scripts. I am not convinced there is any reason for panic.