1
kevinv
Xoops 2.0.5.1 XSS attack?
  • 2003/12/23 2:04

  • kevinv

  • Friend of XOOPS

  • Posts: 44

  • Since: 2003/1/4 1


Just saw post from yesterday on bugtraq that XOOPS 2.0.5.1 web link module has a xss bug.

Are the XOOPS developers aware of this? Is it a real issue? (I've not tested on my install yet)

Security Focus Bugtraq Archive

2
skalpa
Re: Xoops 2.0.5.1 XSS attack?
  • 2003/12/23 2:17

  • skalpa

  • Quite a regular

  • Posts: 300

  • Since: 2003/4/16


Somebody warned us earlier today.
As I said in another post, this is not an issue if you haven't set your "links" section to auto-approve.

The patch has already been done, but as we expect to make a release fixing a few other problems in a week or so, we decided not to release this one alone right now.
However you can already get the fixed files and copy them to /modules/mylinks/ (they should work with 2.0.1 - 2.0.5.1, and although I haven't tested them extensively I don't think there will be any problems with them):

myheader.php
submit.php
visit.php

[ EDITED ]
Sorry, I messed with the links in the original post. They should be ok now (or at least in a few minutes, myheader and visit should both be v1.8 when you get them).

Skalpa.>

Login

Who's Online

270 user(s) are online (235 user(s) are browsing Support Forums)


Members: 0


Guests: 270


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits