|
|
|
|
|
|
by derpenxyne
4951 days ago
|
|
|
The exploit uses a "data-uri script tag" in the video embed field. In other words, it runs some sort of script through the section of the site that's supposed to only allow video embed codes from sites like YouTube and Vimeo. A pretty serious security hole. |
|
|