Stored XSS via document resources #14105
opengeek added a commit that referenced this issue Feb 22, 2019
* origin/2.x: (104 commits)
  Change the RSS feed URLs to HTTPS
  MODX Revolution 2.7.1-pl
  Update lexicons from crowdin
  Change after review
  Update phpThumb 1.7.15-201902101903
  Restore html in resource tree (#14358) while preserving XSS protections in trees by default
  Handle deprecated $type and $responseCode parameters in $modx->sendRedirect and fix message
  Update lexicon entry
  Include not deleted children of deleted parents in the list
  Using ctrl/cmd and click will open the url in a new tab/window again for ExtJS elements that use `loadPage()` to open URLs
  Forbid generating child resources for deleted resources
  Fix #14094 XSS in the tree
  Fix #14105
  Fix #14104
  Fix #14103
  Fix #14102
  Enable remote avatars
  Fix regression in resourcelist that prevents parents from working correctly
  Improve wording in variables
  ...
Create new document with pagetitle
`</title><img src=# onerror=alert(1); /><!--`
XSS works in:
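The following is an added example, not code from the report or from MODX: it shows why the reported pagetitle escapes a `<title>` element when a stored value is concatenated into markup, and how encoding at output time keeps it as text. The helpers `render_head_raw`, `render_head_escaped` and `opened_elements` are hypothetical, and output encoding is shown as one common mitigation, not as a description of the actual fix.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the pagetitle value from the report above.
const REPORTED_PAGETITLE = '</title><img src=# onerror=alert(1); /><!--';

// Hypothetical template helper (not MODX code): the stored value is concatenated as-is.
function render_head_raw(string $pagetitle): string
{
    return '<head><title>' . $pagetitle . '</title></head>';
}

// Same helper with output encoding applied at the point of rendering.
function render_head_escaped(string $pagetitle): string
{
    $safe = htmlspecialchars($pagetitle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<head><title>' . $safe . '</title></head>';
}

// Lower-cased names of the elements opened in a fragment, used as a regression check.
function opened_elements(string $html): array
{
    preg_match_all('/<([a-z][a-z0-9]*)/i', $html, $m);
    return array_map('strtolower', $m[1]);
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

$raw     = render_head_raw(REPORTED_PAGETITLE);
$escaped = render_head_escaped(REPORTED_PAGETITLE);

// Raw: "</title>" closes the element early, so <img> becomes live markup
// and the trailing "<!--" comments out whatever follows it.
check(opened_elements($raw) === ['head', 'title', 'img'], 'raw output opens <img>');

// Escaped: only the template's own elements are opened ...
check(opened_elements($escaped) === ['head', 'title'], 'escaped output opens no extra element');

// ... and the stored title survives intact as text.
preg_match('#<title>(.*)</title>#s', $escaped, $m);
check(htmlspecialchars_decode($m[1], ENT_QUOTES) === REPORTED_PAGETITLE, 'title round-trips');

echo $escaped, PHP_EOL;
```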