We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi I am using this theme which appears to use the latest prettyPhoto but appears to still have this vulnerability?
URL: http://bridgelanding.qodeinteractive.com/
Checking the version number with jQuery.prettyPhoto in the console gives me version 3.1.6. The JS source also appears to have the latest 3.1.6 version: http://bridgelanding.qodeinteractive.com/wp-content/themes/bridge/js/plugins.js
jQuery.prettyPhoto
When trying the XSS vulnerability as described in ticket #149 still works here:
http://bridgelanding.qodeinteractive.com/#?prettyPhoto=<img src=x onerror=confirm(document.cookie) />&
Is this another vulnerability or was it not fixed entirely? Thanks
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hi
I am using this theme which appears to use the latest prettyPhoto but appears to still have this vulnerability?
URL: http://bridgelanding.qodeinteractive.com/
Checking the version number with
jQuery.prettyPhotoin the console gives me version 3.1.6. The JS source also appears to have the latest 3.1.6 version: http://bridgelanding.qodeinteractive.com/wp-content/themes/bridge/js/plugins.jsWhen trying the XSS vulnerability as described in ticket #149 still works here:
http://bridgelanding.qodeinteractive.com/#?prettyPhoto=<img src=x onerror=confirm(document.cookie) />&Is this another vulnerability or was it not fixed entirely?
Thanks
The text was updated successfully, but these errors were encountered: