Reply to post: Old as the hills and still being perpetrated

Cisco SMB kit harbors cross-site scripting bug: One wrong link click... and that's your router pwned remotely

Mike 137 Silver badge

Old as the hills and still being perpetrated

"The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software."

When, oh when, will developers accept that specific white list based context dependent validation is essential for every input?

It's far from sufficient to declare that you "haven't heard of our cock-up being abused", particularly as it's so simple to avoid making it in the first place.

Anyone heard of OWASP?
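
An added example, not part of the comment above and not Cisco's code: allowlist validation where each field of a management form has its own rule, unknown fields are rejected, and rejected input is HTML-encoded before being echoed back. The field names, rules and sample submission are assumptions constructed for illustration.

```python
import html
import ipaddress
import re

# Hypothetical settings a router management form might accept; each field
# gets its own allowlist rule, because "valid" depends on what the value is.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def _hostname(value):
    if not HOSTNAME_RE.fullmatch(value):
        raise ValueError("hostname: letters, digits and inner hyphens only")
    return value

def _vlan_id(value):
    # isascii() keeps out Unicode digits that str.isdigit() would accept.
    if not (value.isascii() and value.isdigit() and 1 <= int(value) <= 4094):
        raise ValueError("vlan_id: integer 1-4094 expected")
    return int(value)

def _ipv4(value):
    return str(ipaddress.IPv4Address(value))  # raises ValueError on bad input

VALIDATORS = {"hostname": _hostname, "vlan_id": _vlan_id, "dns_server": _ipv4}

def validate_form(form):
    """Return (clean, errors). Fields without a rule are rejected, not passed."""
    clean, errors = {}, {}
    for name, raw in form.items():
        rule = VALIDATORS.get(name)
        if rule is None:
            errors[name] = "unexpected field"
            continue
        try:
            clean[name] = rule(raw)
        except ValueError as exc:
            errors[name] = str(exc)
    return clean, errors

def render_error(field, raw):
    # Rejected input is still echoed to the admin, so encode for HTML context.
    return "<p class=\"err\">Invalid {}: {}</p>".format(
        html.escape(field), html.escape(raw))

# Constructed sample submission, not taken from the advisory.
SAMPLE = {"hostname": "<script>alert(1)</script>", "vlan_id": "10",
          "dns_server": "192.0.2.53", "extra": "x"}
```

Validation decides what is stored; the encoding in `render_error` is a separate step chosen for the output context, and neither replaces the other.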
