<<< Date Index >>>     <<< Thread Index >>>

Re: Bosdev Multiple vulnerabilities



Actually, you've never emailed us.

HTML is stripped from posts, with the exception of admin allowed tags.  The 
username XSS issue is already being dealt with in the 6.1 release.

Install.php won't do anything, unless you know the username/password/db name 
for the system.  Admins are told to remove the file specifically for the reason 
listed above.

Next time you say you have emailed someone, you might actually try doing it.