• Resolved s1lverfoxs

    (@s1lverfoxs)


    Hello,

    There's a security issue using this plugin: a customer can put JavaScript in their message and it works. How can we prevent this?

Viewing 5 replies - 1 through 5 (of 5 total)
  • jaholcomb

    (@jaholcomb)

    JS Support team, can you verify this?

    Thread Starter s1lverfoxs

    (@s1lverfoxs)

    I tried to put <script> alert(); in the message (via text mode) and it popped up when the admin opened the ticket, so I think it really works.

    Plugin Author JoomSky

    (@rabilal)

    Hi,

    Try this
    Edit
    ../wp-content/plugins/js-support-ticket/modules/ticket/model.php

    Add this code at line no. 760:
    $data = filter_var_array($data,FILTER_SANITIZE_STRING);

    before this comment
    //custom field code start

    Regards,

    Shouldn't there be an update for everyone? Not everyone sees these topics, and they are at risk because no simple update was released.

    Plugin Author JoomSky

    (@rabilal)

    Hi,

    We have already updated the plugin code.

  • The topic ‘Security Issue’ is closed to new replies.
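
Added example, not part of the thread and not the plugin's own code: the stored script issue discussed above has two sides, cleaning the ticket fields when they are saved (what the suggested `filter_var_array` line does; `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1) and encoding the message when the admin view renders it, which also covers tickets saved before the input fix. The function names, field names and sample ticket are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from js-support-ticket.

// Input side: strip markup from every string in the submitted ticket array,
// descending into nested arrays (for example custom fields).
function sanitize_ticket_fields(array $data): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $clean[$key] = sanitize_ticket_fields($value);
        } elseif (is_string($value)) {
            // strip_tags() removes tags; trim() drops surrounding whitespace.
            $clean[$key] = trim(strip_tags($value));
        } else {
            $clean[$key] = $value; // ints, bools, null pass through unchanged
        }
    }
    return $clean;
}

// Output side: encode at render time so anything already stored is shown
// as text and never parsed as HTML by the admin's browser.
function render_ticket_message(string $message): string
{
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($encoded); // keep the customer's line breaks
}

// Constructed sample data: the payload reported in this thread, plus a
// message stored before any input-side fix was applied.
$submitted = [
    'subject' => 'Printer broken',
    'message' => "Hello <script> alert(); </script>\nplease help",
    'custom'  => ['phone' => '<b>555</b>'],
];
$legacy_row = '<script> alert(); </script> stored before the fix';

$clean = sanitize_ticket_fields($submitted);
echo render_ticket_message($clean['message']), PHP_EOL;
echo render_ticket_message($legacy_row), PHP_EOL;
```

Inside WordPress the equivalent core helpers are `sanitize_textarea_field()` on save and `esc_html()` on output.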