Cross-site scripting vulnerability #444
Comments
Thanks for reporting this. I never got an email... my @esotalk.org address might be broken, I'll look into it.

What should I do to reproduce this?

Good that you found more issues. @tobscure can you fix that one too? I was also planning to perform security testing for the esoTalk codebase when I have spare time in the near future.

This should help develop...inliquid:patch-1

Thanks @inliquid

@7php nested set model

awesome, thanks @tobscure !

@inliquid I was able to reproduce this cross-site scripting vulnerability without problems, e.g. when using a logged-in administrator account.

@fgeek maybe it wasn't working because of some of my plugins.

@tobscure I have sent an email to the Gmail address in your GitHub profile. Did you receive it?
MITRE assigned CVE-2015-9285 for this issue. |

Hello,
A cross-site scripting vulnerability has been announced in the Full Disclosure mailing list.
According to this Curesec advisory timeline they were unable to contact you:
The issue can be reproduced with the following URL:
Do you have plans to fix this security vulnerability? If you do not plan to fix vulnerabilities in esoTalk please mention it in the README or similar, thank you. As far as I can tell this issue does not yet have a CVE identifier assigned. Have you requested it?