TeamMentor / Master

TEAM Mentor 3.x Released Code

User and admin self-exploit XSS issue #110

Open DinisCruz opened 11 years ago

DinisCruz commented 11 years ago

XSS issues on:

These are low risk since they require user intervention and cannot be triggered across users

arvinddoraiswamy commented 11 years ago

I would disagree on the XmlDatabase not being viewable across users. I think (not checked) any admin user who logs in will be affected as it's persistent.

DinisCruz commented 11 years ago

At the moment only an admin can set those values up (and view those pages), and if they are Admins there are a lot of other ways to put a payload in TM (have you seen the backend-editor? you can edit the entire TM Website from the browser :) )

btw, I'm not saying that these issues won't be fixed, just that they have low priority

arvinddoraiswamy commented 11 years ago

Oh that's fine...I just wanted to make sure I was clear about the problem.

Arvind

On Wed, Oct 17, 2012 at 6:10 PM, Dinis Cruz notifications@github.com wrote:


romichg commented 11 years ago

I don't see this happening on the SignUp Screen anymore. Is this part fixed?

DinisCruz commented 9 years ago

we can close this