My client’s WordPress website was recently hit hard by an XSS attack. Since I am not doing a lot of maintenance these days, I would like to move to Grav. I was just wondering if Grav is XSS safe and what kind of penetration testing has been done on it?
What is an XSS attack? I am still new to this.
This link should give you a bit of an overview: https://en.wikipedia.org/wiki/Cross-site_scripting
We’ve had a few XSS issues reported over the past couple of years, and those have all been promptly fixed. To be honest, most XSS issues reported have required a valid admin login, which really means the user already has complete access to the content anyway, so the XSS vector was not really a realistic vulnerability.
Cheers for the quick reply Andy. I came across this in the meantime. Looking forward to working with Grav.