by londons_explore 1963 days ago
I could imagine Coinbase have critical cookies containing user sessions attached to coinbase.com.

If they have a WordPress blog at blog.coinbase.com, then any XSS attack in WordPress can steal customer accounts.

Sure, it's a fixable problem (by moving high security cookies into login.coinbase.com or something similar), but that's a big migration, and probably nowhere near the top of the engineering priority list.

1 comment

So instead they point the domain at Medium and any XSS attack on Medium can steal their customer accounts.

I highly doubt either WordPress or Medium are susceptible to an XSS attack, but if I had to bet on one being safer I would bet on the open source software already used to power thousands of high profile websites.
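Both comments turn on the same mechanism: a cookie set with `Domain=coinbase.com` is sent to every subdomain, so whoever controls blog.coinbase.com (a WordPress install or a Medium-hosted blog) receives it, while a host-only cookie issued by login.coinbase.com is sent nowhere else. The following is an added example, not code from the thread or from Coinbase; it implements RFC 6265 domain matching and a small audit that flags sensitive cookies reaching a delegated subdomain. The host names are the ones the commenters mention; the cookie jar, the `session` cookie name and the list of delegated hosts are constructed for illustration.

```python
"""Cookie scope check: which hosts receive a cookie under RFC 6265 domain matching.

Added example for the discussion above, not code from the thread. The hosts
are the ones the commenters name; the cookies and the "delegated" list are
constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: Optional[str]  # value of the Domain attribute; None means host-only
    set_by: str            # host whose response carried the Set-Cookie header


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: the request host equals the cookie domain,
    or is a subdomain of it (label boundary required, so 'notcoinbase.com'
    does not match 'coinbase.com')."""
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().strip(".")
    return host == dom or host.endswith("." + dom)


def is_sent_to(cookie: Cookie, request_host: str) -> bool:
    """Would a browser attach this cookie to a request for request_host?"""
    if cookie.domain is None:
        # Host-only cookie: delivered only to the exact host that set it.
        return request_host.lower() == cookie.set_by.lower()
    return domain_matches(request_host, cookie.domain)


def hosts_receiving(cookie: Cookie, hosts: Iterable[str]) -> List[str]:
    return [h for h in hosts if is_sent_to(cookie, h)]


def audit(cookies: Iterable[Cookie], sensitive: Iterable[str],
          delegated_hosts: Iterable[str]) -> Dict[str, List[str]]:
    """Report every sensitive cookie that a delegated (third-party-run)
    subdomain would receive. Empty result means the session cookie is
    out of reach of an XSS on the blog host."""
    sensitive = set(sensitive)
    delegated = list(delegated_hosts)
    findings: Dict[str, List[str]] = {}
    for c in cookies:
        if c.name not in sensitive:
            continue
        exposed = hosts_receiving(c, delegated)
        if exposed:
            findings[c.name] = exposed
    return findings


# Constructed sample: the layout the first commenter describes, before and
# after moving the session cookie to a dedicated login host.
HOSTS = ["coinbase.com", "www.coinbase.com", "blog.coinbase.com", "login.coinbase.com"]
DELEGATED = ["blog.coinbase.com"]  # subdomain handed to a blog platform (assumption)

BEFORE = [Cookie("session", "coinbase.com", "www.coinbase.com")]   # Domain=coinbase.com
AFTER = [Cookie("session", None, "login.coinbase.com")]            # host-only

if __name__ == "__main__":
    print("before:", audit(BEFORE, {"session"}, DELEGATED))
    print("after: ", audit(AFTER, {"session"}, DELEGATED))
```

The "after" configuration is the migration the first comment describes: the session cookie is set without a `Domain` attribute by login.coinbase.com, so `hosts_receiving` returns only that host and the audit is clean. In a real review the cookie jar would come from the browser or from captured `Set-Cookie` headers rather than being hand-built; the `__Host-` cookie-name prefix, which browsers only accept without a `Domain` attribute, is a way to have the browser enforce the host-only property instead of relying on the server never adding one.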