• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
ToggleME

ToggleME 3.1.4

No permission to download
Thread starter Similar threads Forum Replies Date
Trash Can 0

XenForo Rocks

Team Member
Administrator
Moderator
+Lifetime VIP+
Contributor
ViP
True Member
Suppliers
Registered
#3
XenForo Rocks updated ToggleME with a new update entry:

Version 3.1.4 released

Version 3.1.4 released
Sanitize strings in the option page to avoid XSS injection from the admin side. Thanks to Julien from RCE Security for his POC. I'm quoted him :
"To successfully exploit this vulnerability, a user with rights to add or change user group titles, style titles or category titles must trick another authenticated user with access rights to the administrative panel to visit the affected configuration page of the plugin."
By the way the version 3.1.3 was never...
Read the rest of this update entry...
 
Thread starter Similar threads Forum Replies Date
Trash Can 0