XSS Vulnerability Report https://interactivetools.com/forum/forum-posts.php?XSS-Vulnerability-Report-82567 Mon, 16 Mar 2026 22:20:51 -0700 en-us XSS Vulnerability Report https://interactivetools.com/forum/forum-posts.php?postNum=2246084#post2246084 Awesome! Thanks so much! That seems to have done the trick. I'll keep an eye out for future updates as well. Really appreciate it! :-)

All the best,
Jeremy

]]> Fri, 12 Aug 2022 09:36:35 -0700 forum-posts.php?postNum=2246084#post2246084 XSS Vulnerability Report https://interactivetools.com/forum/forum-posts.php?postNum=2246081#post2246081 Hi Jeremy,

Thank you for bringing this to our attention!

As a short-term patch, you can update /cmsb/lib/init.php at line 649 from this:

alert(sprintf(t("Updating Program Url to: %s")."<br>\n", $SETTINGS['adminUrl']));

to this:

alert(sprintf(t("Updating Program Url to: %s")."<br>\n", htmlencode($SETTINGS['adminUrl'])));

This should - at a minimum - remove the XSS vulnerability reported, though we'll also be doing a review of some underlying factors and will release this and any additional security fixes in the next version of CMSB.

Let me know if you have any further questions!

Thanks again,

]]> Thu, 11 Aug 2022 12:42:53 -0700 forum-posts.php?postNum=2246081#post2246081 XSS Vulnerability Report https://interactivetools.com/forum/forum-posts.php?postNum=2246080#post2246080 Hi all! My client recently received a report of a potential XSS vulnerability related to the CMS Builder login page. I'm not sure if there's any validity to this or if it's anything to be concerned with, but I thought I'd reach out and get your advice. Here's the vulnerability report:

https://www.openbugbounty.org/reports/2613835/

It looks like they are inserting script tags in the URL. Perhaps there's a way to disallow this via the .htaccess file?

Any input is appreciated. :-)

Thanks in advance,
Jeremy

]]> Wed, 10 Aug 2022 13:14:26 -0700 forum-posts.php?postNum=2246080#post2246080