Current date/time is March 29th 2024, 12:08 am

Search found 1 match for which

Reporting Vulnerabilities within Forumotion

brandon_g wrote:Hello,

What exactly is the issues you are having? What do you mean 'sending passwords in clear text' ?

Forumotion has very secure servers and rest assured your forum is in good hands. Smile

-Brandon

I found a few XSS vulnerabilities within the forum. Also, regardless if its secure its still a vulnerability from the user standpoint. If X users email was hacked it can result in having there pw leaked. Is it too hard to disable sending password in email?

Lastly the other problem I have is, when I register with my email, I can't send it because formation decides to block my email because it uses a period in the email. From my understanding the site is doing:

email = 'test.email@gmail.com'
email.split('.') #which results in: email[0] = test and email[1] = email@gmail and email[2] =com

Please fix this as well. The xss will be shared with proper user.
by VoIP
on December 4th 2016, 12:32 am
 
Search in: Garbage
Topic: Reporting Vulnerabilities within Forumotion
Replies: 5
Views: 766

Back to top

Jump to: