3 comments

[ 3.2 ms ] story [ 19.5 ms ] thread
Stack Overflow should feel embarrassed for this. Blatant XSS attack, script tags included. User credentials could have easily been stolen as a result of this.

I hope they force invalidate all sessions as a precaution instead of trying to brush this under the rug.

Interesting how it only took this little time for the vulnerability to appear and it being found
I’m surprised Stack Overflow doesn’t have a CSP that would prevent this.