There is one XSS (stored) vulnerability that can get cookies from other accounts #35
Comments
Thank you for your feedback. We will fix it in the next release.

@easysoft was this issue ever addressed?

Hello Nicole. This is Renee from EasySoft and I'm writing to talk about the vulnerability issue. Can I have your email to contact you? Mine is renee@easycorp.ltd.
On Wednesday, April 22, 2020, Nicole wrote:
> @easysoft was this issue ever addressed?
> Please note that CVE-2019-14731 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14731) was assigned to this issue.
> If it was addressed, could you kindly point me to the fixing commit?
> Thanks in advance!

Just trying to understand if this issue was resolved, as this still seems to execute?
Yes, this is resolved in 11.6.1. |
There exists a stored XSS vulnerability in the Rich Text Box.
The vulnerability replication process is as follows:
<img src="a" onerror="alert(document.cookie)" />
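The defensive counterpart to the report above, added here as an example and not code from zentaopms or its 11.6.1 fix: an allowlist sanitizer for rich-text input that rebuilds the HTML from permitted tags and attributes, so the onerror handler in the reported payload (and javascript: URLs, script tags, comments) is discarded before the content is stored. All function and constant names are the example's own.

```javascript
// Added example, not zentaopms code: allowlist sanitizer for rich-text input.
// Output is rebuilt from permitted tags/attributes, so an event handler such
// as the reported onerror never reaches the stored HTML.
const ALLOWED = {
  p: [], br: [], b: [], i: [], ul: [], ol: [], li: [],
  a: ['href'], img: ['src', 'alt'],
};
const VOID_TAGS = new Set(['br', 'img']);
// http(s) or scheme-less relative URLs only; rejects javascript:, data:, vbscript: ...
const SAFE_URL = /^(?:https?:\/\/|[^:]*$)/i;

function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Keep only attributes allowlisted for this tag; onerror, style, etc. are dropped.
function sanitizeAttrs(tag, raw) {
  const attrRe = /([a-zA-Z][\w:-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let out = '';
  for (let m; (m = attrRe.exec(raw)) !== null;) {
    const name = m[1].toLowerCase();
    const value = (m[2] ?? m[3] ?? m[4] ?? '').trim();
    if (!ALLOWED[tag].includes(name)) continue;
    if ((name === 'href' || name === 'src') && !SAFE_URL.test(value)) continue;
    out += ` ${name}="${escapeHtml(value)}"`;   // re-escaped, so &colon; tricks stay inert
  }
  return out;
}

function sanitizeRichText(html) {
  // Tokens: comment | tag | text run | stray '<'. Comments and unknown tags are
  // dropped, text is escaped, allowed tags are rebuilt from scratch.
  const tokenRe = /<!--[\s\S]*?-->|<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>|[^<]+|</g;
  return html.replace(tokenRe, (tok, slash, tag, attrs) => {
    if (tok.startsWith('<!--')) return '';
    if (tag === undefined) return escapeHtml(tok);
    tag = tag.toLowerCase();
    if (!Object.prototype.hasOwnProperty.call(ALLOWED, tag)) return '';
    if (slash) return VOID_TAGS.has(tag) ? '' : `</${tag}>`;
    return `<${tag}${sanitizeAttrs(tag, attrs)}>`;
  });
}

// Constructed input: the payload from this report embedded in ordinary markup.
const STORED_INPUT = '<p>Hi <b>team</b></p><img src="a" onerror="alert(document.cookie)" />';
console.log(sanitizeRichText(STORED_INPUT)); // <p>Hi <b>team</b></p><img src="a">
```

The block shows the allowlist principle; a production deployment would normally rely on a maintained sanitizer (HTML Purifier for PHP, DOMPurify in the browser) that applies the same approach with a full HTML parser.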