One of the changelog entries for the latest version of IgniteUp is “Added code improvements to prevent few permission and security vulnerabilities.”. Looking at the changes made in that we found that there were multiple vulnerabilities fixed. Among the most serious look to be an arbitrary directory deletion vulnerability and a persistent cross-site scripting (XSS) vulnerability.

…

[Read more]