Is codeforces site vulnerable in XSS attack?

Revision en3, by nyan101, 2016-10-18 19:19:37

Today, I saw a weird situation in Codeforces. When I enter the site, it shows me a usual site for a moment. But after that, it turns to blank webpage with only a string "What does this code do?". I saw webpage's HTML code and found out there's an unusual javascript snippet in the blog entry. I thought it's kind of an XSS attack and tried again with "block javascript" option on.

I'm not sure why this happened, but hope this won't last long. If the administrator of the Codeforce can see this, please fix it soon.

p.s. The author of that article(with harmful script) is "10minutemail", it seems he(or she) used a temporal mail.

p.s.2. I'm not sure if the "Add Images" option work without Javascript, so I add the imgur link for what I found ( http://imgur.com/a/vSEOT )

History

 
 
 
 
Revisions
 
 
  Rev. Lang. By When Δ Comment
en4 English nyan101 2016-10-18 19:22:31 133
en3 English nyan101 2016-10-18 19:19:37 8
en2 English nyan101 2016-10-18 19:19:09 142
en1 English nyan101 2016-10-18 19:16:48 682 (published)