-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XSS Vulnerability caused by Redactor 3 #796
Comments
Hi,
Thank you the detailed explanation.
Can you make a pull request? So that i can merge it. If not ill be doing as early as possible.
Once again thanks for bringing to our notice.
… On 05-Jul-2018, at 2:40 PM, Chenfeng Nie ***@***.***> wrote:
The stored XSS can be triggered once you editing content by using Redactor 3 (https://imperavi.com/redactor/) plugin. it can be found in both PAGE and BLOG modules.
To developer:
Please avoid use Redactor right now before they fix this issue.
Reference:
#794
https://imperavi.com/redactor/
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@anupriya17 I'll be looking into it right now. |
@levoncf @anupriya17 I've disabled Redactor immediately. Will investigate into further. Feel free to share your opinions |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The stored XSS can be triggered once you editing content by using Redactor 3 (https://imperavi.com/redactor/) plugin. it can be found in both PAGE and BLOG modules.
To developer:
Please avoid use Redactor right now before they fix this issue.
Reference:
#794
https://imperavi.com/redactor/
The text was updated successfully, but these errors were encountered: