*

Tango

  • ***
  • 85 posts
XSS vulnerability and a Notice
« on: September 25, 2021, 02:07:01 AM »
Please note that the Attributes Plugin has unsanitized fields leading to possible XSS exploits, as you can see in the attached screenshot.

Also, there's the following notice:
Code: [Select]
PHP Notice:  Undefined index: values in \oc-content\plugins\attributes\functions.php on line 807
Plugin version: 2.4.0
PHP Version: 7.2.34

Hoping for a quick fix.
Thanks!

*

MB Themes

Re: XSS vulnerability and a Notice
« Reply #1 on: September 27, 2021, 02:43:13 PM »
@Tango
Thank you, will be fixed in next update.
  To get fast support, we need following details: Detail description, URL to reproduce problem, Screenshots