MyBB Community Forums

Full Version: why is no staff note placed on supposed vulnerable submission
As the title states, I have a plugin that was marked as a vulnerable submission, but no staff note was left to declare what the vulnerability might be. Now, if my memory and GitHub commits serve correctly, the XSS issue was corrected several months ago, and searching the internet, any suggestion of an issue with that specific plugin suggests using the commit that corrected said issue, which is also the same one that was added to the mods site to correct the previous issue. So in essence, not having a staff note as to the reason for said supposed vulnerability is indeed not helpful and slightly confusing. Is it not the entire function of marking something as vulnerable to clarify why it is marked so, hence a start towards resolution? Also, I am curious whether the mark was made without knowledge that the issue that was previously brought to my attention was corrected at that time, as was mentioned in the changelog? Without a staff note explaining what is what, one can only speculate..., just saying.

As you can see, there is no staff note, but every other one has one???
[attachment=40321]

Now let's quote what is clearly stated on the vulnerability page for clarification:

Quote: This list contains the name of the plugin, the author and a short description regarding its vulnerability.
Hi,

It's possible that whoever marked it as vulnerable simply forgot to add a note, we are all only human after all. I've sent a message to other members of the team so that whoever marked it as vulnerable may chime in with some more information.
(2018-05-13, 09:11 PM)Euan T Wrote: [ -> ]Hi,

It's possible that whoever marked it as vulnerable simply forgot to add a note, we are all only human after all. I've sent a message to other members of the team so that whoever marked it as vulnerable may chime in with some more information.

Thank you Euan, for the timely and informative reply. Smile
It seems as if whoever marked these got them from Exploit-DB.com if you see the image below.

[Image: eTjT03v.png]

I'm not sure about the Recent Threads On Index plugin, but all the ones I found have been patched.
(2018-05-15, 07:32 PM)0xB9 Wrote: [ -> ]It seems as if whoever marked these got them from Exploit-DB.com if you see the image below.

[Image: eTjT03v.png]

I'm not sure about the Recent Threads On Index plugin, but all the ones I found have been patched.

Yeah, I agree. I was also thinking something similar had happened to make the mark look as if the issue were still present when in reality it isn't, as I know it was patched as soon as you let me know, approx. 2 months ago. Thanks Smile
-- Bump --

Still waiting... The plugin was fixed before it was ever marked (with no reason supplied), and the project is still suspended even though the fix was already present. Hence, for many months now, the plugin has not been available for end-user usage for absolutely no reason, sigh.
Please note that there is no system in place to notify us when a new build is submitted (MyBB doesn't have notifications, remember...), and so we might not always notice new builds unless we are actively looking for them.
I hear that. Perhaps a function to auto-send a submit-for-review after project suspension would be useful, as for now, on a suspended project, attempting to select the "submit build for staff review" button gives an "invalid project" error, thus not allowing either the marked build or any newly submitted build to be suggested to staff for review. I think allowing this function to work with suspended projects, or allowing an auto-review function on suspended builds, would help remove suspensions faster and get patched products back to the end user faster. Just a thought.
We're planning a mods site rewrite as a public project around MyBB 1.10, so we'd probably be looking at improving a lot of the usage and user experience then.
Hi vintageaddyo, first of all, thank you for all your contributions. I was taking a look at your work and it is simply vast.

Secondly, I found three issues which I would like you to fix properly in three of your plugins.
  • Latest Threads Ticker
  • Last User's Threads in Profile
  • Last Post

If you need further assistance finding the errors, please don't hesitate to open a thread in the private inquiries forum.