[dokuwiki] Re: XSS Vulnerability - Update your discussion plugins!

  • From: Stéphane Gully <stephane.gully@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Mon, 2 Feb 2009 07:59:16 +0100

Hello Michael,

First of all, thanks for having fixed this vulnerability.
I followed your recommendation and I upgraded your plugin to the 2009-01-31
version. However, I had a strange problem that seems linked to this
upgrade:
Since the upgrade I have got a lot of spam on my discussion threads although
I did activate the CAPTCHA protection. I don't know if I'm alone
with this problem and I don't know if it's really related to this
upgrade, but I would be very grateful if you could check if your
modifications could break something on the CAPTCHA protection.

regards,
Stéphane Gully



On Sat, Jan 31, 2009 at 4:42 PM, Michael Klier <chi@xxxxxxxxxxx> wrote:
> Hi,
>
> there's been an XSS vulnerability discovered in the discussion plugin [1],
> which allowed users to post "evil" URLs, which could be used to perform XSS
> attacks. A fixed version of the plugin is available as of today!
>
> Everybody who is using this plugin is highly encouraged to update to the
> latest version (2009-01-31)!
>
> Many thanks to the Oracle Ethical Hacking Team for reporting the problem!
>
> Best Regards,
>        Michael Klier
>
> [1] http://dokuwiki.org/plugin:discussion
>
> --
> Michael Klier
>
> www:    http://www.chimeric.de
> jabber: chi@xxxxxxxxxxxxxxxxxx
> key:    http://downloads.chimeric.de/chi.asc
> key-id: 0x8308F551
>
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
