You are viewing a single comment's thread from:

RE: Stored XSS vulnerability in !! [SOLVED]

in #hivelast year

UPDATE: the same vulnerability is also on steemblockexplorer(...)

They don't need XSS to steal from users. People who use Steem these days should assume that their funds can be stolen at any moment.


Very true! 🙂😌

Found also a new XSS not yet fixxed on the same site. Messaged u on Discord.

I'm not using a discord. Come to the
You can find me (@gandalf) on #general channel or #witness or #help.

Nope it's not resolved yet - just checked. @penguinpablo is not reachable on any Chat-Service so it have sent him a private memo in his wallet with Informations to the XSS i found.

Make sure you clear your cache.
I don’t see your memo, if another field was not fixed you could send it to him encrypted with his public memo key so that only he can decrypt it with his private key.

Sure. i cleared the whole Site data in the Developer Console and opend the page where i stored the Script. And yes, i got the alert.

I have sent penguinpablo an encrypted memo on hive because he is the project owner. sure ;)

I just fixed this issue too.

@gtg FYI: I launched this too today and obviosly it is NOT running on Steem 😏😏
[auto-replies to posts and comments with known phishing links]