<![CDATA[HeedYou forum — Attention admin]]> 2017-03-30T05:40:06Z PunBB https://forum.heedyou.com/viewtopic.php?id=12886 <![CDATA[Re: Attention admin]]> Thanks for your concern but there is no reason to worry.

The only parameter that allows the kind of characters necessary is a name field, and it is being run through htmlentities function before being passed through. There is no way for it to execute as a code on the other end.

Best regards,
HeedYou

]]> https://forum.heedyou.com/profile.php?id=2 2017-03-30T05:40:06Z https://forum.heedyou.com/viewtopic.php?pid=27727#p27727 <![CDATA[Attention admin]]> Hi admin

Please Close API feature

http://heedyou.com/docs/files/examplejs.html

Probably people can create XSS code on api feature. I advice close this section

Best Regards

]]> https://forum.heedyou.com/profile.php?id=233505 2017-03-30T02:05:05Z https://forum.heedyou.com/viewtopic.php?pid=27724#p27724