Let us know!
Info about a vulnerability issue

Hallo @admin Joel wrote me (via chat) something about some security issues. I dont know if you already informed about it and if it got already fixed or not, thats why I post his info here again.

He wrote me:

Its me Joel Aviad Ossi
Are you here
Stored XSS Affecting admins!

https://codologic.com/forum/index.php?u=/user/profile/13903/edit
https://codologic.com/forum/admin/index.php?page=users/manage&action=edit&user_id=13903

This is not a vulnerability in codofurm but codologic central
it creates user in database without sanitization

This is very dangerous because there is still no httponly on the session cookie, attackers can steal your session and hijack admin accounts!

Kind regards, Andy smile

Hallo @admin Joel wrote me (via chat) something about some security issues. I dont know if you already informed about it and if it got already fixed or not, thats why I post his info here again. **He wrote me:** Its me Joel Aviad Ossi Are you here **Stored XSS Affecting admins!** https://codologic.com/forum/index.php?u=/user/profile/13903/edit https://codologic.com/forum/admin/index.php?page=users/manage&action=edit&user_id=13903 This is not a vulnerability in **codofurm but codologic central** it creates user in database without sanitization This is very dangerous because there is still no httponly on the session cookie, attackers can steal your session and hijack admin accounts! Kind regards, Andy :)

Yes, we know about this and we had fixed it. We will check it again.

Yes, we know about this and we had fixed it. We will check it again.
Necessity is the mother of all inventions!
28
1
2
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft