This post has been closed. You can still view previous posts, but you can't post any new replies.

Cross site scripting vulnerability in discussion forums

Found this accidentally while posting a bug. Doesn't look like anything is scrubbing input in the forum posts. Obviously right now the impact is low because it's a closed beta, but if nothing else the griefer opportunities if this stays unpatched for live games are pretty scary.
If anyone else is curious, see here for more info on this: http://community.roll20.net/discussion/comment/1283#Comment_1283