Topic: Ditto 2.0.2 XSS Vulnerability
Mark (Coding Team, Ditto Developer)
« on: Aug 20, 2007, 12:19 PM »

It has come to my attention, thanks to forum user neroz, that there is a small XSS vulnerability in Ditto 2.0.2. Although 2.1 is nearly ready, I will be away for the next 10 days or so and do not wish to release something I will not be able to support. Therefore, I've created a patched version of Ditto 2.0.2, which has now been released as 2.0.3. If your site makes extensive use of JavaScript or cookies, it would be wise to update your Ditto install. Otherwise, stay tuned for Ditto 2.1 in the near future!

To find out more about the dangers of XSS check out http://www.cgisecurity.com/articles/xss-faq.shtml.

Note: The results per page addon has been patched as well. You can get it from the repository.

zi (MODx Special Forces / Administrator)
« Reply #1 on: Aug 20, 2007, 04:05 PM »

Thanks for the heads up and RAPID fix!

Off to update.

“Internet Explorer’s CSS rendering: WYSIWTF”. — someone genius