XSS in Exponent-2.3.2
Reported by Sudhanshu | December 28th, 2014 @ 06:29 AM | in 2.3.3 (closed)
Hi,
I have identified a XSS vulnerability in exponent-2.3.2. Kindly reply at sudhanshu@octogence.com for details.
Alternate Email: sudhanshuchauhan007@yahoo.com
Regards
Sudhanshu
Comments and changes to this ticket
-
dleffler December 31st, 2014 @ 12:55 AM
- State changed from “new” to “resolved”
- Tag set to “security”
- Assigned user changed from “expNinja” to “dleffler”
- Milestone set to “2.3.3”
Fixed with recent push where we now strip all attempts to inject any tags into the input...will be issued in 232patch1 to be released in a day or so.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Bug Tracker for Exponent CMS
dleffler
expNinja