About one hour ago, a bug was reported which could enable an attacker to inject arbitrary javascript into any Team9000 page, by crafting a special link to the page and convincing you to click on it (known as an XSS attack). The bug has been patched and fixed, and its reporter has been awarded the first ever Team9000 Security Challenge Award.
Keep in mind that it is unlikely that your password, or any of your account information was compromised by this possible attack. We believe the bug report to be the first known incident of its use, but want to be transparent in the disclosure of the bug's existence.
As always, if you discover any potential exploit in the Team9000 community network, you may be eligible for a Team9000 Security Challenge Award. I'd like to thank the submitter (who will remain anonymous unless told otherwise) for his time and effort in the discovery of this bug.
Details about the patched exploit are available here:
https://bugs.team9000.net/view.php?id=134
Keep in mind that it is unlikely that your password, or any of your account information was compromised by this possible attack. We believe the bug report to be the first known incident of its use, but want to be transparent in the disclosure of the bug's existence.
As always, if you discover any potential exploit in the Team9000 community network, you may be eligible for a Team9000 Security Challenge Award. I'd like to thank the submitter (who will remain anonymous unless told otherwise) for his time and effort in the discovery of this bug.
Details about the patched exploit are available here:
https://bugs.team9000.net/view.php?id=134
