Issue: XSS in Comments (VW4 Alpha)

Issue Tools
- View Comments

June 15, 2012 4:47 AM

pegasus

VaultWiki Team

XSS in Comments (VW4 Alpha)

Although we didn't have the settings enabled, it was possible to create a XSS exploit in VaultWiki 4 Alpha 1 by enabling HTML in comments. While there were Usergroup Permissions as well, the permissions were not overriding the global setting.

This should now be Fixed in Aardvark, but trying to use XSS exploits like this should be something on the Alpha Team task list.

Note that this exploit only affected Alpha 1, which is not public and was only used on private (now patched) servers.

Issue Details

Issue Number 2782

Issue Type Bug

Project VaultWiki 4.x Series

Category Discussions / Comments

Status Fixed

Priority 1 - Security / Login / Data Loss

Affected Version 4.0.0 Alpha 1 Aardvark

Fixed Version 4.0.0 Alpha 1 Aardvark

Milestone (none)

Software DependencyAny

License TypePaid

Users able to reproduce bug 0

Users unable to reproduce bug 0

Attachments 0

Assigned Users (none)

Tags (none)

November 25, 2024 12:43 AM
Issue Changed by pegasus
- Issue marked as addressed
- Addressed version changed from Unknown to 4.0.0 Alpha 1 Aardvark

+ Reply

All times are GMT -4. The time now is 11:06 PM.

This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Learn more… Accept Remind me later

Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

Issue: XSS in Comments (VW4 Alpha)

Issue Tools