[solved] XSS Vulnerability in "Preview Post" feature of the forum
Writing a post here and then clicking on "Preview Post" can lead to an XSS vulnerability: I can inject tags using the "less than" and "greater than" HTML entities - these are not escaped in the preview.
Another test: <blink>Testing....</blink> (if your browser supports blink tags)
<iframe width="400" height="200" src="http://www.google.com/"></iframe>
Edit: It turns out the vulnerability even works when displaying the forum.
Thanks thp, looking into it now.
Thank you for reporting this issue. This is fixed now :)
[quote author="Gurudutt" date="1291292998"]Thank you for reporting this issue. This is fixed now :)[/quote]
That was quick, thanks a lot :)
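
The bug reported at the top of this thread, as an added example that is not the forum's own code. The thread does not say how the preview was implemented or fixed, so the flawed pipeline here (strip literal tags, then decode entities) is an assumption that reproduces the reported symptom; all function names are hypothetical.

```python
import html
import re

# Matches anything a browser would parse as a tag.
TAG_RE = re.compile(r"<[^>]*>")

# Constructed input: the blink test from the report, typed with entities.
SAMPLE_POST = "Another test: &lt;blink&gt;Testing....&lt;/blink&gt;"


def render_preview_vulnerable(post_text: str) -> str:
    """Assumed flawed order: filter literal tags first, decode entities last.

    The filter sees no '<' in '&lt;blink&gt;', so nothing is removed; the
    later decode step then turns the entities back into live markup.
    """
    stripped = TAG_RE.sub("", post_text)
    return html.unescape(stripped)


def render_preview_hardened(post_text: str) -> str:
    """Treat the post as plain text and escape once, as the last step.

    '&' is escaped too, so '&lt;' becomes '&amp;lt;' and the browser shows
    the characters the user typed instead of interpreting them.
    """
    return html.escape(post_text, quote=True)


def contains_live_tag(rendered: str) -> bool:
    """True if the rendered output still holds markup a browser would parse."""
    return bool(TAG_RE.search(rendered))


if __name__ == "__main__":
    for render in (render_preview_vulnerable, render_preview_hardened):
        out = render(SAMPLE_POST)
        print(f"{render.__name__}: live_tag={contains_live_tag(out)} -> {out}")
```

The same check belongs on every path that outputs post text, since the report notes the normal forum view was affected as well as the preview.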