xoops forums

Mamba

Moderator
Posted on: 2014/12/23 15:42
Mamba
Mamba (Show more)
Moderator
Posts: 10770
Since: 2004/4/23
#1

XOOPS 2.5.7 Security issues reported by Narendra Bhati (incl. in 2.5.7.1 Patch)

We wanted to thank Narendra Bhati, who notified us about security issues in 2.5.7 (see this article about the 2.5.7.1 Security Patch).

Now that hopefully everybody updated their XOOPS installations, we wanted to list the issues reported by Narendra separately so he can submit it and get the appropriate credit:

1. Reflected XSS
2. Stored XSS
3. NO HTTP ONLY FLAG
4. Issue of improper work of Protector
5. Clickjacking

It is thanks to people like Narendra that XOOPS is improving and getting better, and we very much appreciate these contributions, as they show power of Open Source!

If you haven't yet updated your XOOPS installation, please do it ASAP!!!
Support XOOPS => DONATE
Use 2.5.10 | Docs | Modules | Bugs