Security vulnerabilities in FlatPress 1.0.2 #14

Closed
omarkurt opened this issue Mar 5, 2014 · 8 comments


omarkurt commented Mar 5, 2014

XSS in comment param 'content' found.

- URL: http://example.com/flatpress-1.0.2/?x=entry:entry131210-125112;comments:1
- Parameter Name: content
- Parameter Type: POST
- Attack Pattern: `</textarea><scRipt>alert(9)</scRipt>`
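
Why the reported pattern escapes the comment box, and a regression check that catches it, as an added example that is not part of the original report or of FlatPress's code. The form template and function names are constructed for illustration; HTML-encoding on output is a generic mitigation assumed here, not a description of the referenced commit.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the report above.
PAYLOAD = "</textarea><scRipt>alert(9)</scRipt>"

# Constructed stand-in for a comment form that redisplays the submitted
# 'content' value; this is NOT FlatPress's actual template.
FORM = '<form method="post"><textarea name="content">{content}</textarea></form>'


def render_raw(content):
    """Vulnerable pattern: user input is placed in the page unencoded."""
    return FORM.format(content=content)


def render_escaped(content):
    """Hardened pattern: encode &, <, > and quotes before output."""
    return FORM.format(content=html.escape(content, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag and every run of text the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)  # html.parser lowercases tag names

    def handle_data(self, data):
        self.text.append(data)


def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


def injected_tags(markup):
    """Start tags other than the template's own form and textarea."""
    return [t for t in parse(markup).tags if t not in ("form", "textarea")]


def visible_text(markup):
    """Text content of the rendered form, as the parser reports it."""
    return "".join(parse(markup).text)


if __name__ == "__main__":
    print("raw:    ", injected_tags(render_raw(PAYLOAD)))
    print("escaped:", injected_tags(render_escaped(PAYLOAD)))
```

In the raw rendering the leading `</textarea>` closes the field early, so the mixed-case `scRipt` tag is parsed as a real script element; in the encoded rendering the same input stays text inside the field.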

evacchi added a commit that referenced this issue Mar 6, 2014
Collaborator

evacchi commented Mar 6, 2014

Hi Omar,

Commit #924668f should close this issue.

@omarkurt omarkurt closed this as completed Mar 7, 2014
@omarkurt omarkurt reopened this Apr 4, 2014
@omarkurt omarkurt closed this as completed Apr 4, 2014

fgeek commented Mar 29, 2015

What release version contains this patch? I am talking about the version number shown in the fp-includes/core/core.system.php file, thank you.

Here are a few references for this case:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-100036
https://www.netsparker.com/critical-xss-vulnerabilities-in-flatpress/


fgeek commented Jun 10, 2015

@evacchi Could you create a new release that includes this fix?


evacchi commented Jun 12, 2015

Sure, will do asap
On 10 Jun 2015 17:07, "Henri Salo" notifications@github.com wrote:

> @evacchi https://github.com/evacchi Could you create new release, which
> includes this fix?




fgeek commented Jun 12, 2015

Thanks!


evacchi commented Jun 12, 2015

out :)


fgeek commented Jun 12, 2015

Added detection to pyfiscan: fgeek/pyfiscan@1fb23c3


evacchi commented Jun 12, 2015

👍
