GetSimpleCMS / GetSimpleCMS

GetSimple CMS
http://get-simple.info
GNU General Public License v3.0

admin/profile.php At xss #1234

Closed wangai666 closed 7 years ago

wangai666 commented 7 years ago

Display Name: where there is an XSS payload: ">

fgeek commented 7 years ago

CVE-2017-10673 has been assigned for this issue. Please use it in the commit message and ChangeLog, thanks.

tablatronix commented 7 years ago

This has not been verified, nor reproduced in 3.3.x

wangai666 commented 7 years ago

In GetSimpleCMS - 3.4.0a

tablatronix commented 7 years ago

Thanks

Yes, known issue in DEV branch; the settings.php XSS fixes were not merged into the new profile.php and have to be manually repatched. profile.php does not exist in stable.

There is no current dev release for master branch; the CVE is invalid for stable.

797

wangai666 commented 7 years ago

Blunt, hope to learn more with you!