[dokuwiki] XSS Vulnerability - Update your discussion plugins!

• From: Michael Klier <chi@xxxxxxxxxxx>
• To: dokuwiki@xxxxxxxxxxxxx
• Date: Sat, 31 Jan 2009 16:42:17 +0100

Hi,

there's been a XSS vulnerability discovered in the discussion plugin [1],
which allowed users to post "evil" URLs, which could be used to perform XSS
attacks. A fixed version of the plugin is available as of today!

Everybody who is using this plugin is highly encouraged to update to the
latest version (2009-01-31)!

Many thanks to the Oracle Ethical Hacking Team for reporting the prolem!

Best Regards,
        Michael Klier

[1] http://dokuwiki.org/plugin:discussion

-- 
Michael Klier

www:    http://www.chimeric.de
jabber: chi@xxxxxxxxxxxxxxxxxx
key:    http://downloads.chimeric.de/chi.asc
key-id: 0x8308F551

• » [dokuwiki] XSS Vulnerability - Update your discussion plugins! - Michael Klier
• » [dokuwiki] Re: XSS Vulnerability - Update your discussion plugins! - Stéphane Gully
• » [dokuwiki] Re: XSS Vulnerability - Update your discussion plugins! - Michael Klier
• » [dokuwiki] Re: XSS Vulnerability - Update your discussion plugins! - Stéphane Gully

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription