Hello @admin, Joel wrote me (via chat) something about some security issues. I don't know if you have already been informed about it and whether it has already been fixed or not; that's why I post his info here again.
He wrote me:
It's me, Joel Aviad Ossi
Are you here?
Stored XSS Affecting admins!
https://codologic.com/forum/index.php?u=/user/profile/13903/edit
https://codologic.com/forum/admin/index.php?page=users/manage&action=edit&user_id=13903
This is not a vulnerability in Codoforum but Codologic central
It creates the user in the database without sanitization
This is very dangerous because there is still no httponly on the session cookie; attackers can steal your session and hijack admin accounts!
Kind regards, Andy
https://net-twin.de/ Community for creative people - JOIN
https://github.com/WebCrew My GitHub account
https://prattle.space A nice Twitter alternative - JOIN
https://sell-co.de/ Lots of Tools and Utilities for free
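
The two defenses the report above points to, encoding stored profile fields when they are rendered and marking the session cookie HttpOnly, shown as an added PHP example that is not part of the original post and not Codologic's code. The function names, the field name and the sample value are hypothetical and constructed for illustration; the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example: hypothetical names and constructed values, not Codologic's code.

// 1. Session cookie flags. Must be set before session_start() and before any output.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // assumption: the site is served over HTTPS
    'httponly' => true,   // cookie is not readable from page scripts (document.cookie)
    'samesite' => 'Lax',
]);

// 2. Output encoding for values that came from user input and were stored as-is.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the stored value is placed into the admin edit form unchanged,
// so any markup it contains becomes part of the page.
function render_field_unsafe(string $name, string $stored): string
{
    return sprintf('<input type="text" name="%s" value="%s">', $name, $stored);
}

// "After": the same form field with the value encoded for an HTML attribute.
function render_field(string $name, string $stored): string
{
    return sprintf('<input type="text" name="%s" value="%s">', e($name), e($stored));
}

// Constructed sample: a display name that closes the attribute and adds markup.
$stored = 'Andy"><b>bold</b>';

echo "unsafe: ", render_field_unsafe('display_name', $stored), PHP_EOL;
echo "safe:   ", render_field('display_name', $stored), PHP_EOL;

// Confirm the flag that will be sent with the session cookie.
$params = session_get_cookie_params();
echo "HttpOnly: ", $params['httponly'] ? 'yes' : 'no', PHP_EOL;
```

Encoding at output time covers records that are already stored unsanitized, and HttpOnly limits what an injected script can reach, but neither replaces the other.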