Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter lescus

    (@lescus)

    Hi Amun,

    Thank you again for your earlier reply.

    As a follow-up, I’m attaching a security test result from our internal team, who used Burp Suite to scan the site running the Mighty Builders theme. The report flags a potential XSS vector involving malformed asset paths.

    While we understand that the specific path in question currently returns a 404 and may not be routable, automated tools such as Burp can still treat such structures as indicators of possible misconfigurations or missing sanitization — especially when javascript: payloads can be passed as part of asset URLs.
    Report excerpt:
    https://drive.google.com/file/d/1UynD-OxIoF57AXH3dwB41KiSemzZ92UJ/view?usp=sharing

    We’re sharing this report not as proof of an active vulnerability, but to provide full context in case it helps you review or harden asset routing and validation logic in the theme.

    Please let us know if you need additional details.

    Best regards,
    Lescus

    • This reply was modified 12 months ago by lescus.
    Thread Starter lescus

    (@lescus)

    Thank you for the quick response and update! I really appreciate your prompt action on this – much respect for maintaining the plugin so responsibly 🙂
