Topic: XSS · BuddyPress.org

Skip to:: Content; Pages; Categories; Search; Top; Bottom

XSS

2879457
Inactive

15 years, 6 months ago

There seem so be several XSS issues still to solve. I just opened a test account and posted a widely accessible XSS string for testing purposes, which even affected the front page.

http://testbp.org/groups

I deleted my account to remove the content but forgot to delete my account. Therefore the XSS test group is still there:

http://testbp.org/groups/alert0alert1alert2alert3-alert4alert6function-xss

I hope you are intending to increase the security of buddypress.

Cheers

Viewing 6 replies - 1 through 6 (of 6 total)

Paul Wong-Gibbs
Keymaster

@djpaul

15 years, 6 months ago

good catch

Andy Peatling
Keymaster

@apeatling

15 years, 6 months ago

Already patched in the trunk, this will be updated in 1.0.1 very soon.

Jeff Sayre
Participant

@jeffsayre

15 years, 6 months ago

Since, as Andy indicates, this is patched in trunk, I’m setting this thread to resolved.

Paul Wong-Gibbs
Keymaster

@djpaul

15 years, 6 months ago

Andy & I have just spent a couple of hours going after these things, situation should be much improved.

Jeff Sayre
Participant

@jeffsayre

15 years, 6 months ago

DJPaul-

Thanks for taking the initiative and sleuthing out the bad spots!

Kunal17
Participant

@kunal17

15 years, 6 months ago

What is the ETA for a full 1.0.1 download? Love to know what improvements are coming up.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘XSS’ is closed to new replies.