Closed zxc7528064 closed 4 years ago
@michu2k Thank you for your attention to security issues!
Dear team,
I reported the same thing last month. Please check the email I sent you. I got no response.
Thanks and Regards, Vinit Patil
@w3bd3mon Did you find the same security problem?
Yes, around 4 proofs of concept.
Are you applying for a CVE number?
Yes. But I am not getting replies to my emails. They should at least patch it.
Thanks and Regards, Vinit Patil
OK, I got it! Same version? Version: v.1.3.6
Yes same version
@w3bd3mon Does the CVE ID belong to you? Or can I apply?
I was about to apply, as I reported this in April. I was just waiting for their acknowledgement.
@w3bd3mon OK!
Thanks guys for your reports. I will contact the creators of BF as soon as possible.
@w3bd3mon Do you have Gmail? I have some questions to ask you.
Hi guys. We talked about this potential bug and it won't be fixed, because we want to give the possibility to use HTML tags inside fields in the admin panel.
@michu2k I also found a CSRF vulnerability in your product v.1.3.6.
Hi ~ I found a stored XSS vulnerability.
Version: v.1.3.6
Author: Noth(沈彧璿)
Step 1: Log in to the system.
Step 2: Click "Blog", insert an "XSS" test payload in "Blog title" under "Settings", and save it.
Step 3: Go back to the front end (public site).
![7](https://user-images.githubusercontent.com/45315211/83339871-6cdf6d80-a304-11ea-8f45-f38235384cf1.jpg)
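The maintainer's position in this thread is that admin-panel fields should keep accepting HTML, while the report shows that storing the blog title unfiltered lets whatever was saved run on the public page. Added example, not Batflat's code (Batflat is PHP; Python is used here only to illustrate the technique): an allowlist sanitizer built on the standard library that keeps basic formatting tags but drops scripts, event-handler attributes and non-http(s) links. The tag and attribute sets are assumptions for the example, not Batflat's policy.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for admin-entered fields (not Batflat's): basic formatting only.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https", ""}     # "" = relative link
DROP_WITH_CONTENT = {"script", "style"}  # drop the tag and the text inside it


class AllowlistSanitizer(HTMLParser):
    """Rebuilds a fragment keeping only allowlisted tags/attributes; other tags
    are dropped (their text kept and escaped), script/style vanish entirely."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                value = value or ""
                if name not in ALLOWED_ATTRS.get(tag, ()):
                    continue  # e.g. onerror=, onclick=, style=
                if name == "href" and urlparse(value).scheme.lower() not in SAFE_SCHEMES:
                    continue  # e.g. javascript:, data:
                kept += f' {name}="{escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always encoded


def sanitize(fragment: str) -> str:
    """Return the allowlisted-HTML version of an admin-entered field value."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

For a field like the blog title, where markup is rarely needed, plain output encoding with html.escape at render time is the simpler choice.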