EDITED::…
This was originally reported as link spam, but could easily be a lot worse.
When registering, the user name field is open to possible attack.
Code will be processed on the members page.
The code can be overflown to the homepage fairly easily.
XSS can be used.
I would now consider this as a serious exploit.
I would suggest fixing this bug A.S.A.P
I have been using AV Arcade for a while now and think it’s a great script.
I have spent a lot of time looking through the source code and have have some success with my arcade site.
There are a few small issues with the script which don’t detract from the usability, but could reduce crawlability, SERPs and so on.
AV Arcade v4.0.2 [Unofficial] is my contribution to the great free arcade script.
I have removed and updated any redundant code.
I made the whole script w3c compliant, in the hope of making search engine indexing and updating easier.
I have implemented various small SEO changes to various pages.
Most of the changes I made were small.
It will, hopefully, make creating modules and templates a little easier too.
I havn’t changed the functionality of the script at all, but hope to have cleaned it up and added a few small tweaks.
Categories
Tag Cloud
Blog RSS
Comments RSS
Void « Default
Life 
Earth 
Wind 
Water 
Fire Light
Last 50 Posts
Back