xoops forums


Friend of XOOPS
Posted on: 2003/12/23 2:04
kevinv (Show more)
Friend of XOOPS
Posts: 44
Since: 2003/1/4 1

Xoops XSS attack?

Just saw post from yesterday on bugtraq that XOOPS web link module has a xss bug.

Are the XOOPS developers aware of this? Is it a real issue? (I've not tested on my install yet)

Security Focus Bugtraq Archive


Quite a regular
Posted on: 2003/12/23 2:17
skalpa (Show more)
Quite a regular
Posts: 300
Since: 2003/4/16

Re: Xoops XSS attack?

Somebody warned us earlier today.
As I said in another post, this is not an issue if you haven't set your "links" section to auto-approve.

The patch has already been done, but as we expect to make a release fixing a few other problems in a week or so, we decided not to release this one alone right now.
However you can already get the fixed files and copy them to /modules/mylinks/ (they should work with 2.0.1 -, and although I haven't tested them extensively I don't think there will be any problems with them):


Sorry, I messed with the links in the original post. They should be ok now (or at least in a few minutes, myheader and visit should both be v1.8 when you get them).