I'm not sure if it's the right place to discuss about this:
Security problem?
Collapse
X
-
Tags: None
-
Possible potential problem, but the question is do you have to be logged in as Admin in order to exploit that?ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment -
The complaint is that we allow admins to use HTML. Yes, if admins wish, they can use javascript within forum titles, user titles, etc.
They can also use it within the template editor. <shock>Comment
-
Just in case this wasn't clear, that alleged 'exploit' is entirely bogus. Furthermore we already told them as much.Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
Change CKEditor Colors to Match Style (for 4.1.4 and above)
Steve Machol Photography
Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.
Comment
-
-
ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online EntertainmentComment
-
I contacted Secunia on Friday. I'm surprised there's no update, as they're actually quite good at communicating with us (even before the reports are posted usually).Comment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment