
Persistent XSS for Medium accounts - r2r
https://medium.com/@homakov/persistent-xss-for-medium-accounts-or-backdooring-domains-ecf5bf6c218d
======
michaelt
As far as I can tell the TLDR here is: domains can have previous owners, who
might have made users cache malicious pages forever.

I agree it's a concerning thing, but I must be missing something because I
don't see why this is a medium-specific issue - doesn't it impact almost every
website?

~~~
Rjevski
I think the issue with Medium is that on a conventional self-hosted domain it
only puts content and users of that domain at risk. With Medium it not only
puts the content at risk but any user's Medium account.

