sruupl / batflat

Lightweight, fast and easy CMS for free. Bootstrap ready. https://batflat.org
MIT License
135 stars, 54 forks

XSS Vulnerability v1.3.6 #83

Closed. zxc7528064 closed this issue 4 years ago.

zxc7528064 commented 4 years ago

Hi ~ I found a stored XSS vulnerability.

Version: v1.3.6
Author: Noth (沈彧璿)

Step 1: Log in to the system.
Step 2: Click "Blog", insert an "XSS" test payload in "Blog title" under "Settings", and save it.
Step 3: Go back to the front end.

zxc7528064 commented 4 years ago

@michu2k Thank you for your attention to security issues!

w3bd3mon commented 4 years ago

Dear team,

I reported the same thing last month. Please check the email I sent you. I got no response.

Thanks and Regards, Vinit Patil

On Sun, 31 May 2020, 13:54 Not_H, notifications@github.com wrote:

@michu2k Thank you for your attention to security issues!

zxc7528064 commented 4 years ago

@w3bd3mon Did you find the same security problem?!

w3bd3mon commented 4 years ago

Yes, around 4 proofs of concept.


zxc7528064 commented 4 years ago

Are you applying for a CVE number?

w3bd3mon commented 4 years ago

Yes. But I am not getting replies to my emails. They should at least patch it.

Thanks and Regards, Vinit Patil


zxc7528064 commented 4 years ago

Ok, I got it! Same version? Version: v1.3.6

w3bd3mon commented 4 years ago

Yes, same version.


zxc7528064 commented 4 years ago

@w3bd3mon Does the CVE ID belong to you? Or can I apply?

w3bd3mon commented 4 years ago

I was about to apply, as I reported this in April. I was just waiting for their acknowledgement.


zxc7528064 commented 4 years ago

@w3bd3mon Ok!

michu2k commented 4 years ago

Thanks guys for your reports. I will contact the creators of BF as soon as possible.

zxc7528064 commented 4 years ago

@w3bd3mon Do you have Gmail? I have some questions to ask you.

michu2k commented 4 years ago

Hi guys, we talked about this potential bug and it won't be fixed, because we want to keep the possibility of using HTML tags inside fields in the admin panel.
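
The reproduction steps in the first comment (a script payload saved as the blog title under Settings and rendered on the public site) and the maintainers' reply that HTML must remain usable in admin fields come down to one design choice: whether the stored title is written into the page raw, fully escaped, or rebuilt through a tag/attribute allowlist. The block below is an added example for this thread and is not batflat's code; it uses only Python's standard library, the STORED_TITLE payload is constructed for the demo, and the ALLOWED_TAGS and ALLOWED_ATTRS sets are assumptions chosen for illustration.

```python
"""Added example (not part of batflat): three ways to render a blog title that an
admin stored through the Settings panel, showing that "allow HTML in admin fields"
and "stop stored XSS" are not mutually exclusive. Standard library only."""

import html
from html.parser import HTMLParser

# Constructed for this demo, in the spirit of the reported test: a title that
# mixes legitimate formatting with a script element and an event-handler attribute.
STORED_TITLE = 'My <b>Blog</b><script>alert(1)</script><img src=x onerror=alert(1)>'

# Assumed allowlists for the illustration; a real deployment would pick its own.
ALLOWED_TAGS = {"b", "i", "em", "strong"}
ALLOWED_ATTRS = {"class"}
RAW_TEXT_TAGS = {"script", "style"}  # their content is code, not text: drop it entirely


def render_unsafe(title: str) -> str:
    """Raw interpolation: whatever the admin stored runs in every visitor's browser."""
    return f"<h1>{title}</h1>"


def render_escaped(title: str) -> str:
    """Full output encoding: no XSS, but the admin's <b> is shown literally."""
    return f"<h1>{html.escape(title, quote=True)}</h1>"


class AllowlistSanitizer(HTMLParser):
    """Rebuilds markup from the parsed token stream, keeping only allowlisted
    tags and attributes and re-escaping all text, so that neither <script>
    elements nor onerror=/href=javascript: attributes survive."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.open_tags: list[str] = []   # tags we emitted, so the output stays balanced
        self.in_raw_text = False         # inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if self.in_raw_text:
            return
        if tag in RAW_TEXT_TAGS:
            self.in_raw_text = True      # HTMLParser hands us the body as raw data
            return
        if tag not in ALLOWED_TAGS:
            return                       # drop the tag; its text still arrives via handle_data
        safe_attrs = "".join(
            f' {name}="{html.escape(value or "", quote=True)}"'
            for name, value in attrs
            if name in ALLOWED_ATTRS
        )
        self.out.append(f"<{tag}{safe_attrs}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.in_raw_text:
            if tag in RAW_TEXT_TAGS:
                self.in_raw_text = False
            return
        if tag in self.open_tags:
            # Also close anything opened after this tag, so nesting stays well-formed.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.in_raw_text:
            # Re-escape: a stored "&lt;script&gt;" reaches us decoded and must not
            # turn back into a live tag in the output.
            self.out.append(html.escape(data, quote=False))

    def result(self) -> str:
        self.close()
        while self.open_tags:            # close anything the admin left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_title(title: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(title)
    return parser.result()


def render_allowlisted(title: str) -> str:
    """Keeps the admin's formatting tags while removing everything executable."""
    return f"<h1>{sanitize_title(title)}</h1>"


if __name__ == "__main__":
    for name, renderer in (("unsafe", render_unsafe),
                           ("escaped", render_escaped),
                           ("allowlisted", render_allowlisted)):
        print(f"{name:12} {renderer(STORED_TITLE)}")
```

The point of the third renderer is that the allowlist is applied to a parsed tree, not to the raw string: an approach such as PHP's strip_tags() with a list of allowed tags keeps every attribute on those tags, so <b onmouseover=...> passes straight through. For production use a maintained sanitizer (HTML Purifier for PHP, bleach or nh3 for Python, DOMPurify in the browser) rather than a hand-rolled parser like this one, and set a Content-Security-Policy as a second layer.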

zxc7528064 commented 4 years ago

@michu2k I also found a CSRF vulnerability in your product, v1.3.6.