Security vulnerability: Flagging plugin (2.0.18.2 and earlier)
There is an XSS vulnerability in Vanilla, version 2.0.18.2 and earlier. This only affects the Flagging plugin. Anyone using the Flagging plugin should immediately upgrade to 2.0.18.3 or make this change: Fix for Flagging XSS.
2.0.18.3 is now available.
Comments
Thanks so much for letting us know, forwarded to others I know use this.
grep is your friend.
Awesome to know, thank you.
Was this the only change in 2.0.18.3?
Yes.
That's great. Thanks!