#1253 ✓resolved

XSS in Exponent-2.3.2

Reported by Sudhanshu | December 28th, 2014 @ 06:29 AM | in 2.3.3 (closed)

Hi,

I have identified an XSS vulnerability in exponent-2.3.2. Kindly reply at sudhanshu@octogence.com for details.

Alternate Email: sudhanshuchauhan007@yahoo.com

Regards
Sudhanshu

Comments and changes to this ticket

    dleffler December 31st, 2014 @ 12:55 AM

    • State changed from “new” to “resolved”
    • Tag set to security
    • Assigned user changed from “expNinja” to “dleffler”
    • Milestone set to 2.3.3

    Fixed with recent push where we now strip all attempts to inject any tags into the input...will be issued in 232patch1 to be released in a day or so.

Bug Tracker for Exponent CMS
