Posted By: apc57 on May 3, 2017, 6:15 pm |
My package has Simple Invoices version : 2011.1
There is multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML https://www.cvedetails.com/vulnerability-list/vendor_id-6074/product_id-10295/version_id-139349/Simple-Invoices-Simple-Invoices-2011.1.html When will Simple Invoices be patched or updated to fix this? thanks |
Posted By: aakash_softac on May 4, 2017, 7:28 am | Post: 1 |
Quote From : apc57 May 3, 2017, 6:15 pm My package has Simple Invoices version : 2011.1
There is multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML https://www.cvedetails.com/vulnerability-list/vendor_id-6074/product_id-10295/version_id-139349/Simple-Invoices-Simple-Invoices-2011.1.html When will Simple Invoices be patched or updated to fix this? thanks Hi, We just checked and we provide the latest package provided by the vendor. As far as bug is concerned you will need to contact the Simple Invoices team directly since we do not change/modify in any package provided by the vendor. Thank you. ----------------------- Aakash Gupta SitePad Developer Follow us for faster updates Twitter: https://twitter.com/sitepad_editor Facebook: https://facebook.com/SitePad |