Recent Topics

XSS in versions 1.8.2 and 1.8.3

Started by on Oct 20, 2006 – Contents updated: Oct 20, 2006

Oct 20, 2006 16:38    

We have discovered a cross site scripting attack that we verified in 1.8.2 on our dev environment and the demo site available on b2evolution.net which is 1.8.3.

What is the best way to notifying the developers without making the vulnerability publicly known until it can be fixed ?

Dave.

Oct 20, 2006 17:00

I'll put a note on the developers list for you, one of them should contact you shortly.

¥

Oct 20, 2006 18:39

Thanks to both of you. I've contacted Ladadada and will look into fixing it for 1.8.3.


Form is loading...

multiple blogs – This forum is powered by b2evolution CMS, a complete engine for your website.