Jul 05, 2009, 09:15 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
Search via SMF or Google: modx forums all of modxcms.com web
  MODxCMS.com   Forums   Help Login Register  
MODx Community Forums » Announcements » Security Notices » Ditto 2.0.2 XSS Vulnerability
Pages: [1]   Go Down
« Previous topic Next topic »
  Send this topic  |  Print  
Author Topic: Ditto 2.0.2 XSS Vulnerability  (Read 11590 times)
0 Members and 1 Guest are viewing this topic.
Mark
Coding Team
*
Posts: 3,250


Ditto Developer


WWW
« on: Aug 20, 2007, 12:19 PM »
It has come to my attention, thanks to forum user neroz, that there is a small XSS vulnerability in Ditto 2.0.2. Although 2.1 is nearly ready, I will be away for the next 10 days or so and do not wish to release something I will not be able to support. Therefore, I've created a patched version of Ditto 2.0.2, which has now been released as 2.0.3. If your site makes extensive use of javascript or cookies, it would be wise to update your Ditto install. Otherwise, stay tuned for Ditto 2.1 in the near future!

To find out more about the dangers of XSS check out http://www.cgisecurity.com/articles/xss-faq.shtml.

Note: The results per page addon has been patched as well. You can get it from the repository.
Logged
zi
MODx Special Forces /
Administrator
*
Posts: 3,329


May Peace Be On You


WWW
« Reply #1 on: Aug 20, 2007, 04:05 PM »
Thanks for the heads up and RAPID fix!

Off to update.
Logged
Pages: [1]   Go Up
  Send this topic  |  Print  
« Previous topic Next topic »
 
Jump to:  

Powered by MySQL Powered by PHP

Copyright © 2005-2008 MODxCMS, All rights reserved. Contact Us
Styles by ziworks.com

Powered by SMF | SMF © 2006-2008, Simple Machines LLC

Valid XHTML 1.0! Valid CSS!