Closed wangai666 closed 7 years ago
CVE-2017-10673 has been assigned for this issue. Please use it in the commit message and ChangeLog, thanks.
This has not been verified, nor reproduced in 3.3.x
in GetSimpleCMS - 3.4.0a
Thanks
Yes known issue in DEV branch, settings.php xss fixed were not merged into new profile.php and have to be manually repatched. profile.php does not exist in stable.
There is no current dev release for master branch, CVE in invalid for stable.
blunt,Hope to learn more with you!
Display Name: where there is xss payload: ">