Reflecting XSS vulnerability in administrative backend of Croogo v.2.2.0 #599
Comments

Hi Stefan, thanks for the report. Please forward the details to security@croogo.org.

Done! :-)

Closing since 2.2.1 has been released. Thank you.

Could you add a web page with information on how to report security issues in the future? Thanks!

Hi, we've brought back the "Support" menu on croogo.org. The URL https://croogo.org/security has also been created. It redirects to the same Support page (with a direct anchor link). Do you think it will suffice?

From my point of view, it will suffice, as I searched your official web page for such a hint on how to send reports like mine to you. Now I would know. Do you agree, Henri?

Yes, thanks! :)

Cool. Thanks for helping with security, guys.
Dear ladies and gentlemen.
Unfortunately, I haven't found a clear section on your web page saying where to send security-related issues by mail, so I'm using this platform.
I found a reflected XSS vulnerability in your product Croogo v.2.2.0, residing in the administrative backend, which could be abused to trick an administrator into clicking a crafted link that executes arbitrary HTML and/or JavaScript code.
I am releasing an advisory on my blog (without technical details). Please provide me with an email address where I can send my information to, so you can patch this vulnerability. If I don't hear anything from you by 17th January 2015, I will release the technical details as well.
Thank you.
Steffen Rösemann