OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Wbb 2.3. xss

From: Adrian (adrianplanetcoding.net)
Date: Sat Mar 04 2006 - 13:32:03 CST


Thats not a real problem.
You need a valid acp session id which is impossible to get unless you
compromise the system of an administrator (it's not stored in a
cookie).
Additionally it's in the admin cp, so it's not exploitable by bad
people unless you give them acp access.