CVE-2012-0220
Two days ago I was playing with ikiwiki’s login methods and its templates. After that came the turn of the comments plugin and its input fields. Almost accidentally, I discovered that the contents of the comment’s author input field weren’t correctly sanitized, resulting in a stored XSS.