Open alestorm980 opened 2 years ago
As stated on our obsolete bug reporting site (Lighthouse), the XSS Settings and RCE issues only apply to Super-Admin or Admin users, and users with that level of permission can do quite a bit to hack a site... However, the User-Agent issue should be addressed.
Fix for the XSS User Agent issue has been added to development code and will be included in the next release.
I reported 3 vulnerabilities on Exponent 2.6.0 (patch2) using https://exponentcms.lighthouseapp.com/ but I didn't receive any update.
Attached below are the links to the tickets, advisories and our responsible disclosure policy respectively.