We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started
Google+

Security... | Forum

Topic location: Forum home » Support » Bug reports and troubleshooting
Bjorn
Bjorn Nov 8 '10
In ex. profile comment.
User can insert CSS, iframe and maybe more codes.
This is a big security issue.
Can this be fixed ?

Here is the file that check input and output.
#1
Bjorn
Bjorn Nov 8 '10
User can also set multiple value when reg at site.
This can be done by using firebug.
#2
Den Team
Den Nov 8 '10
Quote from Bjorn


In ex. profile comment.

User can insert CSS, iframe and maybe more codes.

This is a big security issue.

Can this be fixed ?



Some weeks ago we tried to closed this feature in profile comments on wall.fm service, but we received a very negative feedback from admin there. Cos people want to use html formatting and embed video in profile's comments. And we decided to allow users to use HTML in comments and etc.







Quote from Bjorn


User can also set multiple value when reg at site.

This can be done by using firebug.



Would you post more details? What the multiple values?
#3
david john
david john Feb 28 '23
To fix this issue, the website should implement strict input validation and sanitization measures to ensure that user input is properly filtered and sanitized before being displayed on the website. This can include removing wordle game any potentially harmful code, such as script tags, and enforcing strict input length limits to prevent buffer overflows and other types of exploits. 
The Forum post is edited by david john Feb 28 '23
#4
The Cyber Express
The Cyber Express Mar 6 '23
The Cyber Express is a cyber security news media company that focuses on providing the latest news and information about various topics in the field of cybersecurity. With an emphasis on breaking news and real-time updates, they aim to keep the public informed about the latest developments in cybersecurity. The topics they cover a range from the latest cyber-attacks and data breaches to the use of ransomware and hacking tools, as well as information about the latest cybersecurity tools and technologies. By providing in-depth coverage of the cybersecurity industry, The Cyber Express serves as a valuable resource for individuals and organizations interested in staying informed about the latest threats and trends in the world of cybersecurity.
#5
macallister
macallister Mar 30 '23
Our intercom system installation and repair services in NYC are designed to provide our clients with professional and reliable solutions. We offer a range of intercom system installation & repair options, including audio and video intercoms. Our team is made up of certified professionals who are trained to handle any installation or repair project with precision and care. We use only the best products and materials to ensure that our intercom systems are efficient and long-lasting.
#6
Devis Kevin
Devis Kevin Apr 26 '23
Thanks bobby
#7
Santener
Santener Oct 4 '23
As a cybersecurity professional, I've seen firsthand how cyber risk assessment reportempower organizations to make informed decisions about their security posture. They serve as a proactive tool for identifying potential threats and implementing preventive measures.
The Forum post is edited by Santener Oct 4 '23
#8
Post Minder
Post Minder Oct 9
Là Fuori is a reflection of the love for travel, sustainability, and the finer things in life, gathering 'nomadic creatives' to uplift and preserve the traditions of artisans worldwide. La Fuori
#9
Start | Demo | About | Policies & Licenses | Blog | Contact Us | Oxwall Foundation | Roadmap | Developer Central | Oxwall hosting | Contribute | Partners | Donation | Community software | Dating software
© Copyright Oxwall Software
Oxwall Community Software