Version 3.1.0 – XSS vulnerability
Quote from m.brooking@mixd.co.uk on July 31, 2025, 1:18 pmWe’re currently receiving XSS vulnerability alerts related to the current version of Asgaros Forums. Do you have an estimated timeline for when an update addressing this issue might be released? We have the plugin installed on multiple sites, so resolving this is critical for us. We’d really appreciate any updates you can provide. Thank you!
Thanks,
Matt
We’re currently receiving XSS vulnerability alerts related to the current version of Asgaros Forums. Do you have an estimated timeline for when an update addressing this issue might be released? We have the plugin installed on multiple sites, so resolving this is critical for us. We’d really appreciate any updates you can provide. Thank you!
Thanks,
Matt
Quote from Asgaros on August 9, 2025, 6:08 amHi @m-brookingmixd-co-uk
I am aware of this report since weeks/months and usually I try to fix those issues within hours. However, for this particular one I never got any details from the vulnerability-reporter so I have absolutely no clue in which module or section this vulnerability should be existent. I tried already to investigate, but without disclosure to me, this report is as useful as if someone tells you, that you have a problem in your house. It could be everything or nothing. That is the sad truth.
As soon as I get steps to reproduce this issue from somewhere, I will fix it immediately.
Edit: I made this topic a global sticky because I get similar requests continuously. Maybe it also helps to get more information.
I am aware of this report since weeks/months and usually I try to fix those issues within hours. However, for this particular one I never got any details from the vulnerability-reporter so I have absolutely no clue in which module or section this vulnerability should be existent. I tried already to investigate, but without disclosure to me, this report is as useful as if someone tells you, that you have a problem in your house. It could be everything or nothing. That is the sad truth.
As soon as I get steps to reproduce this issue from somewhere, I will fix it immediately.
Edit: I made this topic a global sticky because I get similar requests continuously. Maybe it also helps to get more information.
Quote from m.brooking@mixd.co.uk on August 11, 2025, 1:10 pmHi @asgaros
Thanks for the update. I understand this is a tricky issue to fix, and I appreciate the effort you’re putting into it.
Please let us know as soon as you’ve rolled out a fix so we can distribute it across all our websites using the plugin.
Thanks,
Matt
Hi @asgaros
Thanks for the update. I understand this is a tricky issue to fix, and I appreciate the effort you’re putting into it.
Please let us know as soon as you’ve rolled out a fix so we can distribute it across all our websites using the plugin.
Thanks,
Matt