-
Welcome to the Chevereto user community!
Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.
Please keep in mind:
- This community is user driven. Be polite with other users.
- Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales and RFC).
- Purchase a Pro Community Subscription to get faster ticket response times.
xss
-
XSS in installation script
Hi, Our research team in KAIST WSP Lab found a reflected vulnerability in chevereto-free (https://github.com/Chevereto/Chevereto-Free). I post this thread to report the found bug - Description: An reflected XSS vulnerability was identified in the ready.php page in the installation process due...- Seongil Wi
- Thread
- cross-site sc vulnerability xss
- Replies: 4
- Forum: Fixed bugs
-
I
Possible XSS Bug
▶🚶Reproduction steps Select an image for upload, then edit image title-description and write "><svg/onload=prompt(document.domain);> After upload image and visit your uploaded image, you got a message 😢Unexpected result Example image url ; https://imgyukle.com/i/YOPlUj...- imgyukle
- Thread
- xss
- Replies: 2
- Forum: Fixed bugs
-
Chevereto v3.14.0
Hey there, The next minor release is in the works and this is the changelog (so far): Chevereto v3.14.0 pre-release notes Added support for WebP Added brute force protection for cookie based login attempts Added auth token at /update (CSRF) Added HTTP only and secure cookie flags Added...- Rodolfo
- Thread
- beta csrf pre-release webp xss
- Replies: 12
- Forum: [Archive] Announcements and news