It seems to be useful to keep updated on possible Summernote security findings:
https://github.com/summernote/summernot ... -397923559
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
And how many editor instances do you have in the frontend?
None ..
Therefore you are the one by yourself who is responsible for everything.
And if you add such a script by yourself .. your own fault.
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
Could be used for admin user escalation. For example, an admin user who only has access to edit products could plant a script to escalate their user account privileges, giving themselves access to personal data or settings they shouldn't. Good admin user account policy (who has access to them and strong passwords, etc.) can help lessen the risk.