Security fix for flash-based cloud in Freetag plugin
Wednesday, September 14. 2011
Posted by Garvin Hicking in Plugins, Security
Comments (3)
Trackbacks (0)
MustLive discovered an HTML injection vulnerability in the tagcloud.swf Flash file that the Freetag plugin bundles and makes optionally available.
The issue is fixed in version 1.23 of the Flash file, which has now been committed to the Serendipity plugin (in version 3.30).
Since the .swf file is always bundled with the update, all users are advised to update to the latest version of the plugin or to delete that specific .swf file.
Thanks to MustLive for sharing the information with us.
Comments
Thanks Garv, but how is this injection triggered? How can I see if anyone already used this vulnerability?
Nice blog & very informative, I'm bookmarking this blog & visiting again for updates.
