
Qtags security - full analysis

Open Aldus83 opened this issue 7 years ago • 0 comments

Qtags are Quanta's core feature, and they are extremely powerful - but with great power comes great responsibility, especially when we consider that Qtags can be added (by design) anywhere, including the body, comments, etc. - and therefore are virtually accessible to any registered and non-registered user of a Quanta web application. That's why we need to walk through the whole list of core qTags: https://www.quantacms.com/qtags-overview/ and perform a security check of each of them. It would not be acceptable, for example, if a qTag was discovered to be able to access files and folders outside of its scope, or - even worse - system files.

Please perform a full security check, and write a short report for each qTag. This is a paid (bounty) issue!

Aldus83, Nov 07 '18 14:11