XSS Vulnerability (2018 10 27)
Affects: <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0
Fixed versions: 0.18.1, 0.17.3, 0.16.4, 0.15.2, 0.14.2
For more general reading on the impact of XSS vulnerabilities, please see https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
For those needing to patch manually, please apply the following commit:
Thanks to Antonin Steinhauser (github: steinhause) for reporting an XSS vulnerability in the app/helpers/tag_helper.rb file.
Responsible disclosure policy
Please report issues to email@example.com. We will work with you to understand the issue and how we can fix it. Please do not disclose the issue publicly until it has been resolved and released. We're more than willing to give you credit for discovering the issue, once it has been patched and announced, but until then we ask that you consider the security implications of the issue you have found and the impact on others using an un-patched system.
Further details can be found here: https://github.com/fatfreecrm/fat_free_crm/wiki/Security