Multiple Critical Security Vulnerabilites (XSS, Privilege Escalation, SQL Injection) #9
Comments
|
Hi, Thank you for reporting the vulnerabilities. We would like to address them in future updates if the community is using them in production environment. I want to appreciate the effort you have to taken to make a detailed report to address security issues in such small opensource project and keeping it secure. Thank you for the effort. |
|
I have the same problem, if a file is not attached, the comment is not refreshed ... but if you manually refresh the browser if you add it. Someone fix it? |
|
Has this been fixed? Thank you for. I liked your work very much. @eksha |
|
@CMLCNL we have not been able to yet dedicate time on these issues. If someone would like to contribute, we would be very happy to accept PRs! Please keep following this thread, we will try to soon expediate this. |
This software has multiple critical security issues!!
Stored XSS (https://portswigger.net/web-security/cross-site-scripting)
Privilege Escalation (https://portswigger.net/web-security/access-control)
SQL Injection (https://portswigger.net/web-security/sql-injection)
More Information
I wrote a blog post about these vulnerabilities with pictures and more in-depth explanations, please see for more information:
http://blog.slicklabz.com/bugbounty/opensource/tikaj_helpdesk
-CRFSlick
The text was updated successfully, but these errors were encountered: