Post by IP_CAM » Mon Jun 18, 2018 9:59 am

It seems useful to stay updated on possible Summernote security findings:
https://github.com/summernote/summernot ... -397923559

I'm no longer quite active at the Forum, to reach me, better contact: jti@jacob.ch
My free Opencart LIGHT 1.5.6.5 Code is available on GitHub soon,
a Demoversion of it can be seen in Action here: http://www.bigmax.ch
930+ FREE OC Extension-Repositories - from OC v.1.5.x up, on the
world's largest OC-related Github Site: https://github.com/IP-CAM

Post by OSWorX » Mon Jun 18, 2018 2:17 pm

And how many editor instances do you have in the frontend?
None ..
Therefore you are the one by yourself who is responsible for everything.
And if you add such a script by yourself .. your own fault.

Forum Rules [en]: viewtopic.php?f=176&t=200480
Commercial Request: viewforum.php?f=88
Dedicated Support: https://dedicated.opencart.com/
Marketplace Support: https://www.opencart.com/index.php?rout ... rt/support
Documentation: http://docs.opencart.com/en-gb/extension/theme/


Post by ADD Creative » Mon Jun 18, 2018 7:18 pm

Could be used for admin user escalation. For example, an admin user who only has access to edit products could plant a script to escalate their user account privileges, giving themselves access to personal data or settings they shouldn't. Good admin user account policy (who has access to them and strong passwords, etc.) can help lessen the risk.

www.add-creative.co.uk

