author Lauri Ojansivu <x@xet7.org> 2020-03-23 22:29:20 +0200
committer Lauri Ojansivu <x@xet7.org> 2020-03-23 22:29:20 +0200
commit 482682e50079d70c5113169020d6834013b57c11
tree 6a2f2f40f0335fc9c07aee179d11154e5dfecdc6 /torodb-postgresql
parent 3a6303e5c2abef843b3cf0ff236e02aa3e645b67
SECURITY VULNERABILITY FIX: Fix XSS bug reported today 4 hours ago by Cyb3rjunky.
Logged in users could run JavaScript in input fields. This affects Wekan versions v3.12-v3.84. In [Wekan v3.12](https://github.com/wekan/wekan/blob/master/CHANGELOG.md#v312-2019-08-09-wekan-release) there were [changes for XSS filter to allow inserting images, videos etc. on comment WYSIWYG editor](https://github.com/wekan/wekan/pull/2593) so features related to that are now removed. After this fix, JavaScript in input fields is not executed. Thanks to Cyb3rjunky and xet7!
Diffstat (limited to 'torodb-postgresql')
0 files changed, 0 insertions, 0 deletions