From: D. J. <ph...@us...> - 2007-12-22 02:30:53
|
An XSS vulnerability in XOOPS 2.2* was reported by Omer Singer from The Digi Trust Group, LLC. All XOOPS 2.2* users are urged to apply the attached patch. Implementation Guide: Step 1: uncompress the package Step 2: upload the /html/class/xoopsform/form.php file to your XOOPSROOT/class/xoopsform/ Note: 1 XOOPS 2.2.6 RC is released at the same time with a more comprehensive solution. Do NOT apply this patch if you use 2.2.6 RC package instead. 2 XOOPS 2.0* sites are not affected directly, however the relevant improvements have been available in XOOPS 2.0.18 RC. |