Vulnerable Version: Release_3.5.4 and probably prior
Tested Version: Release_3.5.4
Author: ADLab of Venustech
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in “openeclass Release_3.5.4”, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple parameters passed to the “openeclass-master/modules/tc/webconf/webconf.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Thank you very much! Script has been fixed.
Can you link to the fixing commit please?
Please see the following commits:
e804fff (future development branch - 4.0)
18d625f (next release branch - 3.6)
55fde0b (current release branch - 3.5.5)
Great, thank you!