
XSS in Exponent-2.3.2
Reported by Sudhanshu | December 28th, 2014 @ 06:29 AM | in 2.3.3 (closed)
Hi,
I have identified a XSS vulnerability in exponent-2.3.2. Kindly reply at sudhanshu@octogence.com for details.
Alternate Email: sudhanshuchauhan007@yahoo.com
Regards
Sudhanshu
Comments and changes to this ticket
-
dleffler December 31st, 2014 @ 12:55 AM
- State changed from new to resolved
- Tag set to security
- Assigned user changed from expNinja to dleffler
- Milestone set to 2.3.3
Fixed with recent push where we now strip all attempts to inject any tags into the input...will be issued in 232patch1 to be released in a day or so.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.