Quote:
Originally Posted by Ramp
I'd say this is a security hole and needs fixing  |
Yea, It has been on xssposed.org for a while.
If credentials are stored only on cookies, With the right javascript, Could steal admin cookie and take over admin. Only a possibility. Persistent XSS is much more dangerous than reflective.