XSS Vulnerability caused by Redactor 3 #796

Open
levoncf opened this Issue Jul 5, 2018 · 3 comments

levoncf commented Jul 5, 2018

The stored XSS can be triggered once you are editing content by using the Redactor 3 (https://imperavi.com/redactor/) plugin. It can be found in both the PAGE and BLOG modules.

To developer:
Please avoid using Redactor right now, before they fix this issue.

Reference:
#794
https://imperavi.com/redactor/

anupriya17 commented Jul 5, 2018

sandeepone commented Jul 5, 2018

@anupriya17 I'll be looking into it right now.

sandeepone added a commit that referenced this issue Jul 5, 2018

Security Fix XSS using Redactor
Thanks for pointing out the bug #794 #796. by @y-mehta @levoncf

sandeepone commented Jul 5, 2018

@levoncf @anupriya17 I've disabled Redactor immediately. Will investigate further. Feel free to share your opinions.
