We have discovered a cross site scripting attack that we verified in 1.8.2 on our dev environment and the demo site available on b2evolution.net which is 1.8.3.
What is the best way to notifying the developers without making the vulnerability publicly known until it can be fixed ?
General Support
b2evolution CMS Support Forums
I'll put a note on the developers list for you, one of them should contact you shortly.
¥