Hello Michael,

First of all, thanks for having fixed this vulnerability.
I followed your recommendation and I upgraded your plugin to the 2009-01-31 version.

However, I had a strange problem that seems linked to this upgrade:
since the upgrade I got a lot of spam on my discussion threads, although I did activate the CAPTCHA protection.

I don't know if I'm alone with this problem and I don't know if it's really related to this upgrade, but I would be very grateful if you could check whether your modifications could break something in the CAPTCHA protection.

Regards,
Stéphane Gully

On Sat, Jan 31, 2009 at 4:42 PM, Michael Klier <chi@xxxxxxxxxxx> wrote:
> Hi,
>
> there's been an XSS vulnerability discovered in the discussion plugin [1],
> which allowed users to post "evil" URLs, which could be used to perform XSS
> attacks. A fixed version of the plugin is available as of today!
>
> Everybody who is using this plugin is highly encouraged to update to the
> latest version (2009-01-31)!
>
> Many thanks to the Oracle Ethical Hacking Team for reporting the problem!
>
> Best Regards,
> Michael Klier
>
> [1] http://dokuwiki.org/plugin:discussion
>
> --
> Michael Klier
>
> www: http://www.chimeric.de
> jabber: chi@xxxxxxxxxxxxxxxxxx
> key: http://downloads.chimeric.de/chi.asc
> key-id: 0x8308F551

--
DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist