Security: authenticated Stored XSS

  • Resolved Anonymous User 20597857

    (@anonymized-20597857)


    1 year, 8 months ago

    Im neuesten Update (V. 6.4.2) steht “Security: authenticated Stored XSS” im ?nderungsprotokoll. Gab es irgendein Sicherheitsproblem? Gibt es mehr Details dazu?

    Leider gibt es unter https://complianz.io/docs/changelog/ kein echtes, detailliertes ?nderungsprotokoll mehr …

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor jarnovos

    (@jarnovos)

    Hi @kurapika,

    There was indeed a security-related patch included within Complianz version 6.4.2, which addresses a vulnerability that had been disclosed to us.

    It concerns an authenticated vulnerability that only applies when a user with malicious intent is already logged in.

    More details will be made available after external publication (Monday, March 6th 2023) by the researchers who informed us about it.

    Kind regards, Jarno

    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    More information will be made public soon; https://complianz.io/march-1st-authenticated-stored-xss-vulnerability-patched/

    Thread Starter Anonymous User 20597857

    (@anonymized-20597857)

    Danke!

    Habe alle Plugins aller Sites stets tagesaktuell. Meine, von mir betreuten Website Betreiber haben nur kleine Teams angemeldeter Nutzer, denen man trauen kann.

    Aber ich selbst plane ein WP basiertes Forum, welche hoffentlich viele Nutzer anzieht. Da hoffe ich, dass deren Rechte (maximal Subscriber) nicht zu hoch sind, um etwas anzustellen.

    Jedenfalls Danke für die offenen Informationen!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security: authenticated Stored XSS’ is closed to new replies.