This repository has been archived by the owner on Sep 18, 2024. It is now read-only.
XSS Vulnerability caused by Redactor 3 #796
Comments
|
Hi,
Thank you the detailed explanation.
Can you make a pull request? So that i can merge it. If not ill be doing as early as possible.
Once again thanks for bringing to our notice.
… On 05-Jul-2018, at 2:40 PM, Chenfeng Nie ***@***.***> wrote:
The stored XSS can be triggered once you editing content by using Redactor 3 (https://imperavi.com/redactor/) plugin. it can be found in both PAGE and BLOG modules.
To developer:
Please avoid use Redactor right now before they fix this issue.
Reference:
#794
https://imperavi.com/redactor/
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
@anupriya17 I'll be looking into it right now. |
|
@levoncf @anupriya17 I've disabled Redactor immediately. Will investigate into further. Feel free to share your opinions |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The stored XSS can be triggered once you editing content by using Redactor 3 (https://imperavi.com/redactor/) plugin. it can be found in both PAGE and BLOG modules.
To developer:
Please avoid use Redactor right now before they fix this issue.
Reference:
#794
https://imperavi.com/redactor/
The text was updated successfully, but these errors were encountered: