Persistent XSS via malicious license file
Medium
ExpressionEngine
Team Summary
Official summary from ExpressionEngine
@unbaiat discovered that the display of the license file information was not properly sanitized, leaving it vulnerable to XSS. @unbaiat gave a detailed report with step-by-step instructions for replicating, enabling a speedy resolution to the issue.
Reported by: unbaiat
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Cross-site Scripting (XSS) - Stored