InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Mavo

https://forums.informaction.com/viewtopic.php?t=22874

Page 1 of 1

Mavo

Posted: Wed May 31, 2017 2:34 pm
by therube
Enough already.
I've got to ask.

Just what is a Mavo script/expression?
And what makes it so (potentially) bad?

Re: Mavo

Posted: Wed May 31, 2017 3:34 pm
by barbaz
(Not that I would know, but search turns up this and a bunch of obviously-irrelevant stuff - https://mavo.io/)

Re: Mavo

Posted: Thu Jun 01, 2017 12:45 am
by Thrawn
If you're referring to the v5.0.5 changelog entry, then I'm guessing that Mavo (yes, mavo.io), which allows editing of pages via a browser, uses specific syntax to represent changes to pages. And that syntax would (naturally) allow a page to be changed in a way that would insert scripts. And since it's not normal HTML, it would previously have bypassed the XSS filter.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited