<![CDATA[HeedYou forum — Attention admin]]> https://forum.heedyou.com/viewtopic.php?id=12886 Thu, 30 Mar 2017 05:40:06 +0000 PunBB <![CDATA[Re: Attention admin]]> https://forum.heedyou.com/viewtopic.php?pid=27727#p27727 Thanks for your concern but there is no reason to worry.

The only parameter that allows the kind of characters necessary is a name field, and it is being run through htmlentities function before being passed through. There is no way for it to execute as a code on the other end.

Best regards,
HeedYou

]]> Thu, 30 Mar 2017 05:40:06 +0000 https://forum.heedyou.com/viewtopic.php?pid=27727#p27727 <![CDATA[Attention admin]]> https://forum.heedyou.com/viewtopic.php?pid=27724#p27724 Hi admin

Please Close API feature

http://heedyou.com/docs/files/examplejs.html

Probably people can create XSS code on api feature. I advice close this section

Best Regards

]]> Thu, 30 Mar 2017 02:05:05 +0000 https://forum.heedyou.com/viewtopic.php?pid=27724#p27724