mrbs 1.6.1 is bundling jquery-ui 1.11.2 which is known to be vulnerable to an XSS. http://www.cvedetails.com/cve/CVE-2016-7103/
Ok, thanks. I will take a look tomorrow.
I have now fixed this in the default branch in f92a4e by upgrading to jQuery UI 1.12.1 and jQuery 3.2.1.
Thank you. Are you planning an mrbs release to fix this?
Yes, we'll be making a 1.6.2 release in the next couple of months.
The 1.6.2 release turned out to be the 1.7.0 release.