1
Mamba
XOOPS 2.5.7 Security issues reported by Narendra Bhati (incl. in 2.5.7.1 Patch)
  • 2014/12/23 15:42

  • Mamba

  • Moderator

  • Posts: 11366

  • Since: 2004/4/23


We wanted to thank Narendra Bhati, who notified us about security issues in 2.5.7 (see this article about the 2.5.7.1 Security Patch).

Now that hopefully everybody updated their XOOPS installations, we wanted to list the issues reported by Narendra separately so he can submit it and get the appropriate credit:

1. Reflected XSS
2. Stored XSS
3. NO HTTP ONLY FLAG
4. Issue of improper work of Protector
5. Clickjacking

It is thanks to people like Narendra that XOOPS is improving and getting better, and we very much appreciate these contributions, as they show power of Open Source!

If you haven't yet updated your XOOPS installation, please do it ASAP!!!
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs

Login

Who's Online

251 user(s) are online (147 user(s) are browsing Support Forums)


Members: 0


Guests: 251


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits