XSS vulnerability reported/fixed

Changes, updates etc. related to this website will be posted here.
Post Reply
Message
Author
User avatar
Andrew Lee
Posts: 3048
Joined: Sat Feb 04, 2006 9:19 am
Contact:

XSS vulnerability reported/fixed

#1 Post by Andrew Lee »

A researcher (eSecHax0r) has reported a XSS (cross site scripting) vulnerability with TPFC:

https://www.openbugbounty.org/reports/618344/

To be honest, I'm not an expert on XSS. After contacting the researcher and reading up on on the subject, I implemented a fix (incredibily, just a one-liner) which has been accepted by him/her. Many thanks to eSecHax0r for providing information on this vulnerability and engaging in responsible disclosure.

So far, the fix has lead to one reported issue. That has been dealt with.

If you spot any other issue, please let me know.

eSecHax0r
Posts: 1
Joined: Wed May 23, 2018 2:49 am

Re: XSS vulnerability reported/fixed

#2 Post by eSecHax0r »

Thanks Bro :)

Post Reply