[Security Issue] The offending XSS code is still in the repository.
AlexanderOMara opened this issue · 1 comment
AlexanderOMara commented
The code that was removed for the XSS vulnerability is still in the repository.
source/fontcustom-templates/.svn/text-base/example.html.svn-base
Thankfully it is inside a dot folder and does not have the .html extension but, depending on the server configuration, it might be possible to coerce the browser to render it as HTML. Some servers might even serve the file with the text/html Content-Type.
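The check a maintainer would want after a report like this, as an added example that is not part of the original issue or the fontcustom project: walk a checkout, flag files that still contain script-like markup but live inside VCS metadata directories (or any other dot-directory), and show what Content-Type a server that maps purely by file extension would assign. The sample tree it builds is constructed here to mirror the path in the report; the list of VCS directory names and the markup regex are this example's own assumptions.

```python
# Added example, not code from the original issue or the project.
# Scans a checkout for files that still carry script/markup but sit inside
# VCS metadata directories (.svn/text-base, .git, ...) or other dot-directories,
# and reports the Content-Type an extension-mapping server would pick for them.
import mimetypes
import os
import re
import tempfile

# Directory names that should never ship inside a deployed web root (assumed list).
VCS_DIRS = {".svn", ".git", ".hg", ".bzr", "CVS"}
# Crude markers of active content; enough to catch a leftover XSS example page.
SCRIPT_RE = re.compile(rb"<script\b|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def guessed_content_type(name):
    """MIME type a server mapping by extension would use, or None if unknown.

    guess_type looks only at the last extension, so "example.html.svn-base"
    yields None: the server's default type and browser sniffing then decide
    whether the browser renders it as HTML.
    """
    guessed, _encoding = mimetypes.guess_type(name)
    return guessed


def find_stray_markup(root):
    """Return findings for files under `root` that contain script-like markup
    and live inside a VCS directory or any dot-directory.

    Each finding is a dict with the relative POSIX-style path, the guessed
    Content-Type (None when the extension is unknown) and whether the file is
    inside a VCS metadata directory. Findings are sorted by path.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        in_vcs_dir = any(p in VCS_DIRS for p in parts)
        in_dot_dir = any(p.startswith(".") for p in parts)
        if not (in_vcs_dir or in_dot_dir):
            continue  # normal content; legitimate pages contain <script> too
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024)  # markup of interest is near the top
            if not SCRIPT_RE.search(head):
                continue
            findings.append({
                "path": os.path.join(rel_dir, name).replace(os.sep, "/"),
                "guessed_type": guessed_content_type(name),
                "in_vcs_dir": in_vcs_dir,
            })
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree():
    """Construct a sample checkout (constructed data, not the real repository):
    a legitimate index.html plus a stale SVN text-base copy of an XSS example."""
    root = tempfile.mkdtemp(prefix="stray-markup-")
    stale = os.path.join(root, "source", "fontcustom-templates", ".svn", "text-base")
    os.makedirs(stale)
    with open(os.path.join(stale, "example.html.svn-base"), "wb") as fh:
        fh.write(b"<html><body><script>alert(document.cookie)</script></body></html>")
    with open(os.path.join(root, "index.html"), "wb") as fh:
        fh.write(b"<html><body><script src='app.js'></script></body></html>")
    return root


if __name__ == "__main__":
    for f in find_stray_markup(build_demo_tree()):
        served = f["guessed_type"] or "server default (extension unknown)"
        print(f"{f['path']}: served as {served}; inside VCS dir: {f['in_vcs_dir']}")
```

Run it against the real checkout with `find_stray_markup(".")`. A `None` guessed type is the situation the report describes: nothing in the file name tells the server it is HTML, so the outcome rests on the server's default Content-Type and the browser's sniffing rather than on anything the repository controls, which is why deleting the file (and keeping VCS directories out of the web root altogether) is the only real fix.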
jasmussen commented
Thanks for reporting this! I have removed the files now, they shouldn't have been there in the first place.