
xss

  1. Seongil Wi

    XSS in installation script

    Hi, our research team in KAIST WSP Lab found a reflected vulnerability in chevereto-free (https://github.com/Chevereto/Chevereto-Free). I post this thread to report the found bug - Description: A reflected XSS vulnerability was identified in the ready.php page in the installation process due...
  2. I

    Possible XSS Bug

    Reproduction steps: Select an image for upload, then edit the image title-description and write "><svg/onload=prompt(document.domain);> After uploading the image and visiting your uploaded image, you get a message. Unexpected result: Example image URL: https://imgyukle.com/i/YOPlUj...
  3. Rodolfo

    Chevereto v3.14.0

    Hey there, the next minor release is in the works and this is the changelog (so far):

    Chevereto v3.14.0 pre-release notes

    • Added support for WebP
    • Added brute force protection for cookie based login attempts
    • Added auth token at /update (CSRF)
    • Added HTTP only and secure cookie flags
    • Added...