  • Mark Roffey 18 posts 32 karma points
    Jan 21, 2011 @ 18:49
    0

    XSS Security flaw in Umbraco Core

    We've just been alerted by our security team here that there is an XSS flaw in the Umbraco admin section.

    To replicate - you need to log in to Umbraco first and append this to the url ?app=content%27%3balert('xss')//#content

    So the url would look like this

    http://localhost/umbraco/umbraco.aspx?app=content%27%3balert('xss')//#content

    Has anyone else come across this? I find it hard to believe that it's not a known bug.

    Mark

     

  • Lee Kelleher 4026 posts 15837 karma points MVP 13x admin c-trib
    Jan 21, 2011 @ 23:40
    0

    Hi Mark,

    Best bet is to raise an issue on CodePlex (if you haven't already done so?)

    http://umbraco.codeplex.com/WorkItem/Create

    The core team will pick up the issue and assess the vulnerability.

    Cheers, Lee.
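
The shape of the value in the first post (a quote, a semicolon, a call, then `//`) is what breaks out of a single-quoted JavaScript string, so the sketch below assumes the `app` parameter is written into an inline script that way; the thread does not show the Umbraco code. This is an added example, not Umbraco source: the variable name `currentApp`, the allow-list entries and all function names are hypothetical.

```javascript
// Added example; names and the allow-list are hypothetical, not from Umbraco.
const ALLOWED_APPS = new Set(["content", "media", "settings"]); // constructed

// Value from the report above, URL-decoded as the server would see it.
const REPORTED_VALUE = decodeURIComponent("content%27%3balert('xss')//");

// Assumed vulnerable pattern: raw query value concatenated into a quoted string.
function renderVulnerable(app) {
  return "var currentApp = '" + app + "';";
}

// Encode a value for a JavaScript string literal inside an inline <script>:
// JSON.stringify handles quotes/backslashes/control chars, the replace covers
// characters that matter to the HTML parser or older JS engines.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Encoding only, for values that cannot be restricted to a fixed set.
function renderEncoded(value) {
  return "var currentApp = " + jsStringLiteral(value) + ";";
}

// Preferred for a section name: allow-list first, then encode anyway.
function renderHardened(app) {
  const safe = ALLOWED_APPS.has(app) ? app : "content";
  return renderEncoded(safe);
}

// Run a generated statement with a stub alert() and report what happened.
function evaluate(script) {
  let alerts = 0;
  const run = new Function("alert", script + "\nreturn currentApp;");
  const value = run(() => { alerts += 1; });
  return { value, alerts };
}
```

With the reported value, `evaluate(renderVulnerable(...))` records one `alert` call, while the encoded and allow-listed forms record none and treat the input purely as data.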
