Page 1 of 1

XSS vulnerability reported/fixed

Posted: Tue May 22, 2018 6:34 pm
by Andrew Lee
A researcher (eSecHax0r) has reported a XSS (cross site scripting) vulnerability with TPFC:

To be honest, I'm not an expert on XSS. After contacting the researcher and reading up on on the subject, I implemented a fix (incredibily, just a one-liner) which has been accepted by him/her. Many thanks to eSecHax0r for providing information on this vulnerability and engaging in responsible disclosure.

So far, the fix has lead to one reported issue. That has been dealt with.

If you spot any other issue, please let me know.

Re: XSS vulnerability reported/fixed

Posted: Wed May 23, 2018 2:52 am
by eSecHax0r
Thanks Bro :)