Testimonial

"CMSImport, every Umbraco content migrators best friend"

Ismail Mayat, The Cogworks

 

Xss fix for SEOChecker

July 09, 2018

You know it's not going to be the best Monday when you open twitter the Umbraco keword filled up with these tweets.

Seotwitter

What happened?

For the property editors for SEO and Social data we display the changes immediately in the snippet preview. Only thing we forgot is that editors could be hackers too and we didn't strip out any html.

What was the risk?

Not high since it's not likely an editor will inject JavaScript into his own site in Umbraco and it was not possible without logging into the Backoffice.

New Release

So long story short. Sorry that this happened and we made sure this is now in our test procedure before releasing software. We fixed the bug today and made a complete release with other features and a few fixes.

See all changes in our release notes.