XSS Vulnerability caused by Redactor 3

[LifeHackerBee]

The stored XSS can be triggered once you editing content by using Redactor 3 (https://imperavi.com/redactor/) plugin. it can be found in both PAGE and BLOG modules.

To developer:
Please avoid use Redactor right now before they fix this issue.

Reference:
#794
https://imperavi.com/redactor/

[anupriya17]

Hi, Thank you the detailed explanation. Can you make a pull request? So that i can merge it. If not ill be doing as early as possible. Once again thanks for bringing to our notice.

…

On 05-Jul-2018, at 2:40 PM, Chenfeng Nie ***@***.***> wrote: The stored XSS can be triggered once you editing content by using Redactor 3 (https://imperavi.com/redactor/) plugin. it can be found in both PAGE and BLOG modules. To developer: Please avoid use Redactor right now before they fix this issue. Reference: #794 https://imperavi.com/redactor/ — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[sandeepuno]

@anupriya17 I'll be looking into it right now.

[sandeepuno]

@levoncf @anupriya17 I've disabled Redactor immediately. Will investigate into further. Feel free to share your opinions