A researcher (eSecHax0r) has reported an XSS (cross-site scripting) vulnerability with TPFC:
https://www.openbugbounty.org/reports/618344/
To be honest, I'm not an expert on XSS. After contacting the researcher and reading up on the subject, I implemented a fix (incredibly, just a one-liner) which has been accepted by him/her. Many thanks to eSecHax0r for providing information on this vulnerability and engaging in responsible disclosure.
So far, the fix has led to one reported issue. That has been dealt with.
If you spot any other issue, please let me know.
XSS vulnerability reported/fixed
- Andrew Lee
- Posts: 3116
- Joined: Sat Feb 04, 2006 9:19 am
Re: XSS vulnerability reported/fixed
Thanks Bro