PHP-Outburst/myUPB

2.2.7 Cross Site Scripting Vulnerability

Closed this issue · 5 comments

I'll publish the Search.php fix shortly, but I was unable to reproduce the POST XSS in profile.php
(I'm not sure if it wasn't fixed in this commit).
Edit: I see it now

fgeek commented

CVE-2015-2217 has been assigned for this issue. Please use it in your ChangeLog when releasing a new version, thanks. Could you create a new release with this fix, thanks?

I'll have a look into this issue; it would need confirming that it is fixed before we release the next version.

So looking at this, it is not fixed, but we have to cURL it to do the final test as I can't replicate.

Okay, this is official: the bug has been previously sanitized. Cannot reproduce. I can change all the details in cURL but am unable to create the bug, even using the original CVE.