serendipity_event_freetag: Plugin update, XSS bug

Tuesday, May 31. 2011
Posted by Garvin Hicking in Announcements, Plugins, Security

Comments (0)
Trackbacks (0)

Thanks to Stefan Schurtz, who reported a XSS issue in the serendipity_event_freetag plugin (SSCHADV2011-004). The issue was fixed in version 3.22 of the plugin, you can fetch the update through Spartacus or download via Spartacus.s9y.org.

The bug was introduced in version 3.20 of the plugin. Users of the plugin should upgrade, as it allows malicious users to trick people into visiting a specially crafted link on your blog to steal cookie login information for example, if you click on such a link.


Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
 
 
 
 

Frontpage - Top level

 

Quicksearch


Categories


All categories

Archives


Development state

The current nightly/GitHub trunk state is: 1.7

Recommendation(s): Use 1.7 release

Please report issues and bugs on our Forums. Your help is very much appreciated.


Syndicate This Blog


More Feeds/Information

Event Plugins
Sidebar Plugins
s9y Github
Serendipity around the world