Persistent XSS for Medium accounts

Persistent XSS for Medium accounts(medium.com)

45 points by r2r 8 years ago | 2 comments

michaelt 8 years ago |

As far as I can tell the TLDR here is: domains can have previous owners, who might have made users cache malicious pages forever.

I agree it's a concerning thing, but I must be missing something because I don't see why this is a medium-specific issue - doesn't it impact almost every website?

Rjevski 8 years ago | |

I think the issue with Medium is that on a conventional self-hosted domain it only puts content and users of that domain at risk. With Medium it not only puts the content at risk but any user's Medium account.