Yesterday we fixed a XSS vulnerability in our Admin Console. This vulnerability could have allowed malicious parties to get access to private data or take actions as an Admin. We have no indications that any of these actions were taken before we plugged the hole.
Security vulnerabilities make us sick to our stomachs, and while there’s no way to prevent them from ever happening, there is more we can do. The developer who fixed this vulnerability will be presenting and discussing ways to better test and improve our security with the team later this week.
If you have any questions, don’t hesitate to contact us.
Head of Community, UserVoice