I don't know how there would be an XSS in that plugin. The user input is never displayed. If you can display HTML in the question, that's not an XSS vulnerability.
Ask him for a proof of concept.
Ah, thanks.
Just wanted to make sure.
@ Xeronations - next time you think there might be a vulnerability, please report it in Private Inquiries rather than the open forum.
(2012-12-22, 12:28 AM)Paul H. Wrote:
Line 37:
$prefix = 'g33k_'.$codename.'_';
No problem there.
He said something similar here about another plugin: http://yaldaram.com/thread-4963-post-225...l#pid22585
That line is empty.
He's just trying to be a l33t hacker scaring people.
CAN WE REMOVE THAT LINE????
Line 37:
$prefix = 'g33k_'.$codename.'_';
(2015-02-09, 08:10 AM)Dr_The_One Wrote:
CAN WE REMOVE THAT LINE????
Line 37:
$prefix = 'g33k_'.$codename.'_';
Uhhhh... no. If you do that, you'll break the plugin's ability to function.