[dokuwiki] Box plugin update / Fixes XSS Vulnerability

• From: Christopher Smith <chris@xxxxxxxxxxxxx>
• To: dokuwiki@xxxxxxxxxxxxx
• Date: Mon, 3 Mar 2008 17:41:20 +0000

Andy Webber of Oracle's Ethical Hacking Team discovered a XSS vulnerability in the Box plugin. A new version of the plugin is now available:

http://dokuwiki.jalakai.co.uk/index.html

Details of the fix can be found at 
http://wiki.splitbrain.org/plugin:boxes#security_fix_2

The update to the box plugin includes more than the patch for this issue.

- fix XSS vulnerability
- adds box colours to the syntax.

- fixes a problem whereby the box plugin would introduce a <P> at the start of the box contents (thanks to Bernd Zeimetz for discovering the problem and Stefan Kuchling for providing a patch.

--Chris
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts:

• » [dokuwiki] Box plugin update / Fixes XSS Vulnerability

1. Home
2. dokuwiki
3. Archive
4. 03-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---