
Upgrade SCEditor to 3.0

Open Ben-MyBB opened this issue 3 years ago • 5 comments

https://github.com/samclarke/SCEditor/releases/tag/v3.0.0

Ben-MyBB, Apr 07 '21 12:04

Wow, he is active again? Is this XSS vulnerability serious?

I hope that for the upcoming MyBB 1.9 you will choose a better editor.

Eldenroot, Apr 07 '21 18:04

The XSS vulnerability might be the one we patched and pushed a fix for upstream, but I’ve not had time to look at the release notes properly yet.

On Wed, 7 Apr 2021, at 19:58, Eldenroot wrote:

> Wow, he is active again? Is this XSS vulnerability serious?
>
> I hope that for the upcoming MyBB 1.9 you will choose a better editor.


euantorano, Apr 07 '21 20:04

The XSS in question is the same one that was fixed by the MyBB team. This is not a new XSS. Of course, the correction method is different.

For me, the change of editor should be postponed to 1.10. Launching 1.9 with a new theme should be the priority.

martec, Apr 10 '21 05:04

There were two XSS vulns: one in the popups and one in the editor itself (see CVE-2019-19466 for more details).

live627, May 14 '21 02:05

@live627 thanks for the information.

For me, this was about the issue https://github.com/samclarke/SCEditor/pull/767, which the MyBB team already fixed. I did not know that there was another XSS besides the one that was fixed.

If so, I apologize for providing incorrect information.

martec, May 14 '21 04:05