    Issue: XSS in Comments (VW4 Alpha)

    1. issueid=2782 June 15, 2012 4:47 AM
      pegasus
      VaultWiki Team
      XSS in Comments (VW4 Alpha)

      Although we didn't have the settings enabled, it was possible to create an XSS exploit in VaultWiki 4 Alpha 1 by enabling HTML in comments. While there were Usergroup Permissions as well, the permissions were not overriding the global setting.

      This should now be Fixed in Aardvark, but trying to use XSS exploits like this should be something on the Alpha Team task list.

      Note that this exploit only affected Alpha 1, which is not public and was only used on private (now patched) servers.
    Issue Details
    Issue Number 2782
    Issue Type Bug
    Project VaultWiki 3.x Series
    Category BB-Code Parsing
    Status Fixed
    Priority 1 - Security / Login / Data Loss
    Affected Version 4.0.0 Alpha 1
    Fixed Version 4.0.0 Alpha 1 Aardvark
    Milestone (none)
    Software Dependency Any
    Users able to reproduce bug 0
    Users unable to reproduce bug 0
    Attachments 0
    Assigned Users (none)
    Tags (none)
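
The permission logic described in the report, as an added example that is not VaultWiki's code or part of the original issue: it contrasts a check where the global "HTML in comments" setting alone decides with one where the usergroup permission also has to allow it. The function names, the sample comment and the assumed intended rule (global setting on AND usergroup permitted) are hypothetical.

```php
<?php
// Added illustration; function names and sample data are hypothetical,
// not VaultWiki's code.

// Flawed decision: the global "HTML in comments" switch alone decides,
// so a usergroup that is denied HTML still gets raw output.
function htmlAllowedFlawed(bool $globalHtmlOn, bool $groupMayUseHtml): bool
{
    return $globalHtmlOn;
}

// Assumed intended rule: raw HTML only when the global switch is on AND
// the author's usergroup is permitted; a usergroup deny always wins.
function htmlAllowedFixed(bool $globalHtmlOn, bool $groupMayUseHtml): bool
{
    return $globalHtmlOn && $groupMayUseHtml;
}

// Emit the comment body raw only for permitted authors; otherwise encode
// it so markup is displayed as text instead of being parsed.
function renderComment(string $body, bool $allowHtml): string
{
    return $allowHtml
        ? $body
        : htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample comment and permission combinations.
$comment = '<script>alert(1)</script>';
$cases = [
    ['global' => true,  'group' => false], // global on, usergroup denied
    ['global' => true,  'group' => true],
    ['global' => false, 'group' => true],
    ['global' => false, 'group' => false],
];

foreach ($cases as $c) {
    $flawed = renderComment($comment, htmlAllowedFlawed($c['global'], $c['group']));
    $fixed  = renderComment($comment, htmlAllowedFixed($c['global'], $c['group']));
    printf(
        "global=%s group=%s\n  flawed: %s\n  fixed:  %s\n",
        var_export($c['global'], true),
        var_export($c['group'], true),
        $flawed,
        $fixed
    );
}
```

In the first case the flawed check emits the markup unchanged while the fixed check emits it entity-encoded. Any group that is granted raw HTML can still run script in other users' browsers, so that permission belongs only with fully trusted groups.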
    All times are GMT -4.