Menu

Topic-icon BreezingForms cannot add new forms after 3.2 upgrade

  • runelog
  • runelog's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 weeks 1 day ago #8146 by runelog
Hi
After I upgraded to 3.2 I cannot add new forms when logged in admin console. SecurityCheck reports possible xss attack.

Existing forms works ok.

Any other that has this issue?

Please Log in or Create an account to join the conversation.

More
2 weeks 1 day ago #8147 by Jose
Hi runelog,

No firewall rules have been touch in this version; is the rule configured to filter all html tags? If so maybe new forms have some code into them and this is why the rule is applied.

Try setting the rule to not filter all html tags (Waf configuration -> Filter exceptions -> XSS tab -> Strip all tags -> No).

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • runelog
  • runelog's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
2 weeks 1 day ago - 2 weeks 1 day ago #8148 by runelog
Thanks. I added com_breezingforms as exception and now it works. Is this a possible security risk?

Rune
Last edit: 2 weeks 1 day ago by runelog.

Please Log in or Create an account to join the conversation.

More
2 weeks 1 day ago #8149 by Jose
You're welcome Rune.

By default no exception is applied if the extension has known vulnerabilities:


Obviously if there is a not known vulnerability or a zero-day vulnerability you will not be fully protected, but we have to deal with that risk...

Regards,
Jose
Attachments:

Please Log in or Create an account to join the conversation.

Time to create page: 0.085 seconds
Powered by Kunena Forum

Login or Sign In