Is codeforces site vulnerable in XSS attack? - Codeforces

→ Pay attention

Contest is running
Pinely Round 4 (Div. 1 + Div. 2)
01:10:31

→ Streams

Codeforces Pinely Round 4 (Div 1 + Div 2) Solution Discussion

By Shayan

Before stream 01:15:30

Codeforces Pinely Round 4 Solution Discussion

By aryanc403

Before stream 01:15:30

View all →

→ Top rated

#	User	Rating
1	tourist	3880
2	jiangly	3669
3	ecnerwala	3654
4	Benq	3627
5	orzdevinwang	3612
6	Geothermal	3569
6	cnnfls_csy	3569
8	jqdai0815	3532
9	Radewoosh	3522
10	gyh20	3447

Countries | Cities | Organizations

→ Top contributors

#	User	Contrib.
1	awoo	161
1	maomao90	161
3	adamant	156
4	maroonrk	153
5	atcoder_official	149
6	-is-this-fft-	148
6	SecondThread	148
8	Petr	147
9	Vladosiya	144
9	nor	144

View all →

→ Find user

→ Recent actions

Detailed →

Is codeforces site vulnerable in XSS attack?

Revision en1, by nyan101, 2016-10-18 19:16:48

Today, I saw a weird situation in Codeforces. When I enter the site, it shows me a usual site for a moment. But after that, it turns to blank webpage with only a string "What does this code do?". I saw webpage's HTML code and found out there's an unusual javascript snippet in the blog entry. I thought it's kind of an XSS attack and tried again with "block javascript" option on.

I'm not sure why this happened, but hope this won't last long. If the administrator of the Codeforce can see this, please fix it soon.

p.s. The author of that article(with harmful script) is "10minutemail", it seems he(or she) used a temporal mail.

History

Revisions

	Rev.	Lang.	By	When	Δ	Comment
	en4		nyan101	2016-10-18 19:22:31	133
	en3		nyan101	2016-10-18 19:19:37	8
	en2		nyan101	2016-10-18 19:19:09	142
	en1		nyan101	2016-10-18 19:16:48	682	(published)