1
kahumbu
Security Tracker Report
  • 2004/2/3 21:27

  • kahumbu

  • Documentation Writer

  • Posts: 277

  • Since: 2003/8/23


I would like to know if we have already addressed this bug report from Security Tracker?

http://securitytracker.com/alerts/2004/Jan/1008849.html

The report is actually a bit way over my head, but it states that it might be a security bug.

Thanks!

2
Mithrandir
Re: Security Tracker Report

Could have just bumped the old thread.

I know that at least we module devs (including some core devs) are aware of the report and are currently trying to figure out, what is causing it and how it can be exploited so it is possible to find out, how it can be prevented.

Until then, as we probably should with all modules, since it is a cross-site scripting issue, everyone are advised not to click on direct links for e.g. forum posts unless

a) you trust the poster
b) you can see that the link does not have more than the proper amount of variables (someone please confirm this, I'm no security expert) and no "weird" code after the normal query string

3
kahumbu
Re: Security Tracker Report
  • 2004/2/3 22:20

  • kahumbu

  • Documentation Writer

  • Posts: 277

  • Since: 2003/8/23


Quote:

Mithrandir wrote:
Could have just bumped the old thread.

Yes, I know. Sorry about that. Probably a bit paranoid after my site got defaced a month ago. BTW, what is a cross-site scripting issue?

Anyway, I'm glad the team already knows about this. Thanks!

4
Mithrandir
Re: Security Tracker Report


5
onokazu
Re: Security Tracker Report
  • 2004/2/6 14:49

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


Yes, this has been fixed on CVS and we are making it ready to be included in the 2.0.6 release.

Login

Who's Online

323 user(s) are online (216 user(s) are browsing Support Forums)


Members: 0


Guests: 323


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits