An XSS was found in login.php. But it requires to send malicious data via POST which makes it harder to exploit. E.g. it is not sufficient to click on a link.
Attached patch. Please see included install.txt for installation instructions.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.