XSS Security flaw in Umbraco Core
We've just been alerted by our security team here that there is an XSS flaw in the Umbraco admin section.
To replicate - you need to log in to Umbraco first and append this to the URL: ?app=content%27%3balert('xss')//#content
So the URL would look like this:
http://localhost/umbraco/umbraco.aspx?app=content%27%3balert('xss')//#content
Has anyone else come across this? I find it hard to believe that it's not a known bug.
Mark
Hi Mark,
Best bet is to raise an issue on CodePlex (if you haven't already done so?)
http://umbraco.codeplex.com/WorkItem/Create
The core team will pick up the issue and assess the vulnerability.
Cheers, Lee.
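The URL in the report only has an effect if the decoded `app` value reaches a single-quoted JavaScript string unescaped; the thread does not show Umbraco's code, so the sketch below assumes that pattern and puts it beside an escaped and allow-listed form. It is an added example, not Umbraco's code: `currentApp`, `KNOWN_APPS` and every function name are hypothetical.

```javascript
// Added illustration; `currentApp`, KNOWN_APPS and all function names are hypothetical.
// The URL is the one from the report; URL parsing decodes %27 and %3b in the query.
const REPORTED_URL =
  "http://localhost/umbraco/umbraco.aspx?app=content%27%3balert('xss')//#content";

function appParam(url) {
  return new URL(url).searchParams.get('app') || '';
}

// Assumed weak pattern: raw value concatenated into a single-quoted JS string.
function renderUnsafe(app) {
  return "var currentApp = '" + app + "';";
}

// Hardened: every UTF-16 code unit outside [A-Za-z0-9] becomes \uXXXX,
// so quotes, semicolons, slashes and angle brackets cannot end the literal.
function jsStringEscape(value) {
  let out = '';
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : '\\u' + value.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

function renderSafe(app) {
  return "var currentApp = '" + jsStringEscape(app) + "';";
}

// Constructed allow-list: unknown section names fall back to a fixed default.
const KNOWN_APPS = new Set(['content', 'media', 'settings']);
function resolveApp(app) {
  return KNOWN_APPS.has(app) ? app : 'content';
}

// Check: text following the first string literal. Anything but ";" is a break-out.
function afterFirstLiteral(script) {
  let i = script.indexOf("'") + 1;
  while (i < script.length && script[i] !== "'") {
    i += script[i] === '\\' ? 2 : 1;
  }
  return script.slice(i + 1);
}

const app = appParam(REPORTED_URL);
console.log(afterFirstLiteral(renderUnsafe(app)));
console.log(afterFirstLiteral(renderSafe(app)));
console.log(resolveApp(app));
```

Escaping and the allow-list are independent controls; either one alone keeps the reported value inside the string literal.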