Topic: Ditto 2.0.2 XSS Vulnerability

#1: 20-Aug-2007, 12:19 PM

Emeritus
Mark
Posts: 3,250

Ditto Developer

It has come to my attention, thanks to forum user neroz, that there is a small XSS vulnerability in Ditto 2.0.2. Although 2.1 is nearly ready, I will be away for the next 10 days or so and do not wish to release something I will not be able to support. Therefore, I've created a patched version of Ditto 2.0.2, which has now been released as 2.0.3. If your site makes extensive use of JavaScript or cookies, it would be wise to update your Ditto install. Otherwise, stay tuned for Ditto 2.1 in the near future!

To find out more about the dangers of XSS, check out http://www.cgisecurity.com/articles/xss-faq.shtml.

Note: The results per page addon has been patched as well. You can get it from the repository.

#2: 20-Aug-2007, 04:05 PM

Administrator

zi
MODx Special Forces /
Posts: 3,688

May Peace Be On You

Thanks for the heads up and RAPID fix!

Off to update.