#1253 ✓resolved

XSS in Exponent-2.3.2

Reported by Sudhanshu | December 28th, 2014 @ 06:29 AM | in 2.3.3 (closed)


I have identified an XSS vulnerability in exponent-2.3.2. Kindly reply at sudhanshu@octogence.com for details.

Alternate Email: sudhanshuchauhan007@yahoo.com


Comments and changes to this ticket

  • dleffler

    dleffler December 31st, 2014 @ 12:55 AM

    • State changed from “new” to “resolved”
    • Tag set to security
    • Assigned user changed from “expNinja” to “dleffler”
    • Milestone set to 2.3.3

    Fixed with recent push where we now strip all attempts to inject any tags into the input...will be issued in 232patch1 to be released in a day or so.


Bug Tracker for Exponent CMS
