Support Forum - Topic: xss http://www.kriesi.at/support/topic/xss Support Forum - Topic: xss en-US Thu, 23 May 2013 19:04:58 +0000 http://bbpress.org/?v=1.0.2 <![CDATA[Search]]> q http://www.kriesi.at/support/search.php Kriesi on "xss" http://www.kriesi.at/support/topic/xss#post-81706 Wed, 31 Oct 2012 14:38:41 +0000 Kriesi 81706@http://www.kriesi.at/support/ <p>Hey! We got multiple updates in the pipeline already that only wait for themeforest approval, during the next few days we will check each of the mentioned themes and upload the fix if necessary :)</p> <p>Flashlight update should be approved within the next few hours</p> <p>Best regards<br /> Kriesi </p> Dude on "xss" http://www.kriesi.at/support/topic/xss#post-81687 Wed, 31 Oct 2012 13:17:22 +0000 Dude 81687@http://www.kriesi.at/support/ <p>Hi! </p> <p> Kriesi updated Choices today (version 1.6) and this update already takes care of the XSS vulnerability. Other theme updates (eg for Flashlight) will be released today, this week or next week. </p> <p> Best regards,<br /> Peter </p> luigioss on "xss" http://www.kriesi.at/support/topic/xss#post-81640 Wed, 31 Oct 2012 07:11:33 +0000 luigioss 81640@http://www.kriesi.at/support/ <p>it's an important issue </p> luigioss on "xss" http://www.kriesi.at/support/topic/xss#post-81559 Tue, 30 Oct 2012 15:58:21 +0000 luigioss 81559@http://www.kriesi.at/support/ <p>i got this message</p> <p>XSS vulnerability in Wordpress themes by Kriesi<br /> According to my tests, the following premium Wordpress themes by Kriesi are affected by a reflected Cross-site Scripting (XSS) vulnerability:</p> <p>Abundance - 1,952 sales<br /> Eunoia - 378 sales<br /> Choices - 1,248 sales<br /> Brightbox - 892 sales<br /> Broadscope - 1,039 sales<br /> Corona - 1,712 sales<br /> Flashlight - 2,956 sales<br /> Coalition - 1,079 sales<br /> Shoutbox - 988 sales<br /> Velvet - 600 sales<br /> Upscale - 346 sales<br /> Expose - 473 sales<br /> Propulsion - 2,133 sales (added 30-Oct)<br /> Sentence - 712 sales (added 30-Oct)<br /> Sales figures are based on Themeforest statistics. Over 16,000 web sites could be affected. </p> <p>Developer status: notified initially on 5th of October<br /> Latest developer response (24-Oct) : rolling out fixes in the near future.<br /> Developer home page: <a href="http://www.kriesi.at/" rel="nofollow">http://www.kriesi.at/</a><br /> Official support forum: <a href="http://www.kriesi.at/support/" rel="nofollow">http://www.kriesi.at/support/</a> </p> <p>what about? </p>