[opencms-dev] OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error

Manfred Schenk manfred.schenk at zerobyte.de
Fri Aug 7 23:26:51 CEST 2009


Arash Kaffamanesh wrote:
> Dear all,
> dear Alkacon Team,
> 
> I found the following issue about OpenCms (7.5.0) - Vulnerability:
> Cross-Site Scripting, Phishing Through Frames, Application Error:
> 
> http://www.securityfocus.com/archive/1/505547
> 
> I think this issue affects only OpenCms 7.5.0, but most likely not
> OpenCms 6.2.3 or 7.0.5 versions? Right?

I just tried the examples given in the article above on my 7.5.0
installation and could not reproduce the mentioned results when
I'm not logged into the workplace.
If I'm logged in and then enter the URL from the example, I can reproduce
it with 7.5.0.

I think this should be fixed as soon as possible. Perhaps the fix for
this issue can be packaged together with the JavaScript fixes from the
last few weeks into a bugfix release in the near future.

Regards,
Manfred



-- 
| Manfred Schenk              | born between RFC638 and RFC640
| PGP keys at                 |
| http://www.ZEROByte.de/pgp/ | WWW: http://www.ZEROByte.de/


