Thanks for pointing this out. It was an old XSS bug that was fixed and released around a year ago (see: https://groups.google.com/forum/#!topic/mezzanine-users/BGGeI1Ncjuo) but had not been applied to the demo site, which I've done now.
Just a reminder - if you believe you have come across a potential security issue, please use the private email address [email protected] to report the issue, as noted in the readme. That gives a chance to resolve the issue and get it released to the private security group (https://groups.google.com/forum/#!forum/mezzanine-security) and rolled out to public sites before being made public.

On Wed, May 27, 2020 at 11:17 PM Αντώνης Καρβελάς <[email protected]> wrote:

> I get weird alerts in the demo blogposts section:
> http://mezzanine.jupo.org/en/admin/blog/blogpost/
> I wonder if someone tried to implant XSS...
