XSS vulnerability reported/fixed

Posted: Tue May 22, 2018 6:34 pm
by Andrew Lee
A researcher (eSecHax0r) has reported an XSS (cross-site scripting) vulnerability with TPFC:

https://www.openbugbounty.org/reports/618344/

To be honest, I'm not an expert on XSS. After contacting the researcher and reading up on the subject, I implemented a fix (incredibly, just a one-liner) which has been accepted by him/her. Many thanks to eSecHax0r for providing information on this vulnerability and engaging in responsible disclosure.

So far, the fix has led to one reported issue. That has been dealt with.

If you spot any other issue, please let me know.

Re: XSS vulnerability reported/fixed

Posted: Wed May 23, 2018 2:52 am
by eSecHax0r
Thanks Bro :)