Open DinisCruz opened 11 years ago
I would disagree on the XmlDatabase not being viewable across users. I think (not checked) any admin user who logs in will be affected as it's persistent.
At the moment only an admin can set those values up (and view those pages), and if they are Admins there are a lot of other ways to put a payload in TM (have you seen the backend-editor? you can edit the entire TM Website from the browser :) )
btw, I'm not saying that these issues won't be fixed, just that they have low priority
Oh that's fine...I just wanted to make sure I was clear about the problem.
Arvind
On Wed, Oct 17, 2012 at 6:10 PM, Dinis Cruz notifications@github.com wrote:
> At the moment only an admin can set those values up (and view those pages), and if they are Admins there are a lot of other ways to put a payload in TM (have you seen the backend-editor? you can edit the entire TM Website from the browser :) )
> btw, I'm not saying that these issues won't be fixed, just that they have low priority
I don't see this happening on the SignUp Screen anymore. Is this part fixed?
we can close this
XSS issues on:
These are low risk since they require user intervention and cannot be triggered across users