My first XSS exploit, yay!
-
Repro:
Click my usercard.
Yep.
-
@Maciejasjmj
I'd give you a badge if I could... Sadly there are two things preventing me.
Filed Under: Nice find, though... never clicking on a usercard ever again
-
Not even eight hours, and we've found one
-
(for the record, I totally vote to keep the <marquee> tags).
Also, two bugs for the price of one!
-
j
-
@Maciejasjmj said:
(for the record, I totally vote to keep the <marquee> tags)
I also want gif profile backgrounds.
-
Superb
-
Also, that's weird:
So... what's the title?
-
@Maciejasjmj said:
Also, that's weird:
https://what.thedailywtf.com/topic/19199/topic-title-cut-off-for-upvote-notifications/2
-
@Maciejasjmj said:
Also, that's weird:
So... what's the title?
Upvote notifications get truncated mysteriously, it seems. There was a topic/post about it somewhere.
EDIT:
-
@aliceif Already reported as well: https://github.com/NodeBB/NodeBB/issues/4399
Who wants to report the XSS?
-
@asdf I guess we don't want to do this on a public issue tracker?
Paging @julianlam to the courtesy phone...
-
PM'd @julianlam and @psychobunny on community.nodebb
-
Email security@nodebb.org and we will look into this post-haste
-
Documenting for posterity:
-
@julianlam said:
Email security@nodebb.org and we will look into this post-haste
Mail'd.
Now, off to find a way to stick a Signature Guy in...
-
Thanks @Maciejasjmj