XSS exploit on mouse over
5 Likes
Thanks for reporting that issue @Salamander.
I’m unlisting this since this is a valid XSS.
I’ll have a look tomorrow unless @sam gets to it before.
Title of the video is:
DiscoExploitTest" onmouseover="alert('Yes? Yes')"
Thanks @Salamander, I just pushed a fix
https://github.com/discourse/discourse/commit/c2bd159acea6f0d662152af52e74a56427bd9fbc
1 Like
Note: fix is backported to beta and stable. Closing this; flag to reopen if still having any issues.
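The video title quoted in the thread closes a double-quoted attribute value and appends an event-handler attribute of its own. The following is an added example, not Discourse code and not the change in the linked commit: it assumes a hypothetical renderer that places the title in a `title` attribute, and `escapeHtml`, `renderUnsafe`, `renderSafe`, `attributeNames` and `hasEventHandler` are illustrative names.

```javascript
// Constructed sample input: the video title quoted in the thread.
const TITLE = `DiscoExploitTest" onmouseover="alert('Yes? Yes')"`;

// Escape the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical vulnerable renderer (assumption): the untrusted title is
// concatenated straight into a double-quoted attribute.
function renderUnsafe(title) {
  return `<img class="thumbnail" title="${title}">`;
}

// Hardened form: the title is escaped for the attribute context first.
function renderSafe(title) {
  return `<img class="thumbnail" title="${escapeHtml(title)}">`;
}

// Minimal tokenizer for double-quoted attributes, enough to show which
// attributes a parser would see on this one tag. Not a full HTML parser.
function attributeNames(tag) {
  const names = [];
  const re = /([^\s"'<>\/=]+)\s*=\s*"([^"]*)"/g;
  let match;
  while ((match = re.exec(tag)) !== null) {
    names.push(match[1].toLowerCase());
  }
  return names;
}

// True when the tag carries any on* event-handler attribute.
function hasEventHandler(tag) {
  return attributeNames(tag).some((name) => name.startsWith("on"));
}

console.log(attributeNames(renderUnsafe(TITLE)), hasEventHandler(renderUnsafe(TITLE)));
console.log(attributeNames(renderSafe(TITLE)), hasEventHandler(renderSafe(TITLE)));
```

With escaping, the whole title stays inside the single `title` attribute value, so the tag has no event-handler attribute.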