miralgj closed 5 years ago
Hi @miralgj, I'm not able to reproduce this issue. Would you mind sending some more info to digitalhumanities@csuohio.edu?
Worth noting that this issue may have already been fixed, so I'd want to know if you've tested this with the most current commit on the master branch.
@ebellempire I'm not running the most current commit so let me see if that resolves it.
@ebellempire That commit resolved it for me. Even though my plugin is at version 1.7 and the 1.7 tag release seems to include that fix, for some reason I didn't have it. Thanks!
Thanks for checking this out and sharing either way. I may have forgotten to bump the version after some recent updates so I'll get that fixed now. Cheers -- E
Dorkbot (https://security.utexas.edu/dorkbot) discovered an XSS vulnerability in Omeka 2.6.1 with Curatescape by injecting malicious code into the "tour" argument.
Example injection: http://omeka.example.com/items/show/121?tour=12%22/%3E%3Cimg%20src=x%20onerror=%22alert(150)%22%20/%3E%3C!%E2%80%94&index=4
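
One way to handle this class of bug on the server side, as an added example that is not part of the original thread and is not Curatescape's own code: accept `tour` and `index` only as positive integers and escape whatever is written into an HTML attribute. The function names, the link markup and the assumption that both parameters are numeric ids are hypothetical.

```php
<?php
// Added illustration; function names are hypothetical, not Curatescape's own code.

/** Return the parameter as a positive integer, or null if it is anything else. */
function int_query_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as tour[]=1
    }
    // ctype_digit rejects quotes, angle brackets, whitespace, signs and empty strings.
    if (!ctype_digit($query[$name]) || strlen($query[$name]) > 9) {
        return null;
    }
    $value = (int) $query[$name];
    return $value > 0 ? $value : null;
}

/** Build a tour navigation link; the dynamic URL is escaped for the attribute context. */
function tour_nav_link(string $itemUrl, ?int $tour, ?int $index): string
{
    if ($tour === null || $index === null) {
        return ''; // no valid tour context: render nothing rather than echo raw input
    }
    $href = $itemUrl . '?' . http_build_query(['tour' => $tour, 'index' => $index]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">Next stop</a>';
}

// Query string from the report above, parsed the way PHP fills $_GET,
// next to a constructed benign request for comparison.
parse_str('tour=12%22/%3E%3Cimg%20src=x%20onerror=%22alert(150)%22%20/%3E%3C!%E2%80%94&index=4', $reported);
parse_str('tour=12&index=4', $benign);

foreach (['reported' => $reported, 'benign' => $benign] as $label => $query) {
    $tour  = int_query_param($query, 'tour');
    $index = int_query_param($query, 'index');
    echo $label, ': tour=', var_export($tour, true), ' -> ',
         var_export(tour_nav_link('/items/show/121', $tour, $index), true), PHP_EOL;
}
```

The integer check alone stops the reported request; the `htmlspecialchars` call is the second layer, so a later change that loosens validation still cannot break out of the attribute.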