Thanks for pointing this out. It was an old XSS bug that was fixed and
released around a year ago (see:
https://groups.google.com/forum/#!topic/mezzanine-users/BGGeI1Ncjuo) but
had not been applied to the demo site, which I've done now.

Just a reminder - if you believe you have come across a potential security
issue, please use the private email address core-t...@mezzaninecms.com to
report the issue, as noted in the readme. That gives a chance to resolve
the issue and get it released to the private security group (
https://groups.google.com/forum/#!forum/mezzanine-security) and rolled out
to public sites before being made public.



On Wed, May 27, 2020 at 11:17 PM Αντώνης Καρβελάς <ant.karve...@gmail.com>
wrote:

> I get weird alerts in the demo blogposts section:
> http://mezzanine.jupo.org/en/admin/blog/blogpost/
> I wonder if someone tried to implant XSS...
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mezzanine Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to mezzanine-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/mezzanine-users/be02fff1-e4a3-4ea2-88b3-842b8ec3574a%40googlegroups.com
> .
>
