EidoGo Security Vulnerability Alert

Public Security Announcement to Webmasters using EidoGo

EidoGo contains cross-site scripting (XSS) security vulnerabilities

If you are using EidoGo as an embedded SGF player on your website, your site may be susceptible to these security vulnerabilities, particularly if your site supports uploading SGF files that are then displayed to other users via EidoGo. You can read more about this issue in the below GitHub issue report.

You can also read more about what cross-site scripting is on this website:
http://excess-xss.com

Note: this is the public disclosure following a two-month period after the developer was first privately notified of this issue. One month ago, the webmasters of several websites (including OGS) were notified to allow them to address this security issue in advance of wider public disclosure.

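One upload-time check a site that accepts SGF files could run, as an added example that is not part of the original post and is not EidoGo code: it tokenizes the SGF property values and reports which properties contain angle brackets, so the upload can be held for review. The post does not say which properties are affected, so every value is checked; the function names and sample records are constructed for illustration.

```javascript
// Added example, not EidoGo code. Assumption: uploads are plain SGF text and
// no legitimate value on the site needs "<" or ">".

// Collect {ident, value} for each PropIdent[Value] pair in an SGF string.
// Inside a value, "\" escapes the next character (so "\]" does not end it).
function sgfPropertyValues(sgf) {
  const found = [];
  let ident = "";
  let i = 0;
  while (i < sgf.length) {
    const ch = sgf[i];
    if (ch >= "A" && ch <= "Z") {
      let j = i;
      while (j < sgf.length && sgf[j] >= "A" && sgf[j] <= "Z") j++;
      ident = sgf.slice(i, j);
      i = j;
    } else if (ch === "[") {
      let value = "";
      i++;
      while (i < sgf.length && sgf[i] !== "]") {
        if (sgf[i] === "\\" && i + 1 < sgf.length) i++; // keep the escaped char
        value += sgf[i];
        i++;
      }
      if (i >= sgf.length) throw new Error("unterminated SGF property value");
      found.push({ ident, value });
      i++; // skip the closing "]"
    } else {
      if (ch === ";") ident = ""; // new node: previous identifier no longer applies
      i++;
    }
  }
  return found;
}

// Return the identifiers of properties whose value contains an angle bracket.
function flagMarkupInSgf(sgf) {
  return sgfPropertyValues(sgf)
    .filter((p) => /[<>]/.test(p.value))
    .map((p) => p.ident);
}

// Constructed sample uploads (harmless markup only).
const cleanSgf = "(;GM[1]FF[4]SZ[19]PB[Black]PW[White];B[pd]C[Good move \\[joseki\\]])";
const markedUpSgf = "(;GM[1]FF[4]PB[<b>Black</b>];B[pd]C[see <i>diagram</i>])";

console.log(flagMarkupInSgf(cleanSgf));    // []
console.log(flagMarkupInSgf(markedUpSgf)); // [ 'PB', 'C' ]
```

A truncated record with an unclosed value throws, which an upload handler can treat as a rejection.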

I hope that L19 is aware of this … are you posting this there, too?

I notified their admins via PM a month ago along with the other webmasters.

I just copied this public announcement to that forum.
