Forum Plugin Version 2.7.1 - Security Fix
Une vulnérabilité possible à été identifiée par Yosuke Yamada of NetAgent Co., Ltd et rapportée par Noriko Takahashi of JPCERT/CC
La fonction recherche du forum ne filtre pas correctement le javascript. Une new release corrige se problème et vous êtes encouragés à faire une mise à jour.
Pour effectuer cette mise à jour, remplacer les fichiers listés ci-dessous et lancer la mise à jour dans l'interface d'administration des plugins.
- public_html/index.php
- config.php
- functions.inc
Source geeklog.net
A possible Cross-Site security vulnerability has been identified by Yosuke Yamada of NetAgent Co., Ltd and reported to us by Noriko Takahashi of JPCERT/CC - http://jvn.jp/
The issue is with the forum search not correctly filtering out javascript. This new release addresses that issue and all sites are recommended to upgrade to this latest release which is now available in the downloads area.
The upgrade steps are to replace the changed files and run the plugin upgrade.
- public_html/index.php
- config.php
- functions.inc
commentaires (1)
Dirk on geeklog.net
"I took the liberty and uploaded a collection of patches for the Forum plugin here.
These patches are "unoffcial" - if they break anything, it's my fault, not Blaine's. They have also been submitted to Blaine for inclusion in future versions, of course. And some of them (like displaying the thread subject in the site's title) have been in use on geeklog.net for a while."