[opencms-dev] OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error
Marc.Schlegel
my.mailing.lists at gmx.de
Sat Aug 8 14:47:26 CEST 2009
How about the webform module? I was actually about to ask the question
if the form input is checked for SQL injection and so on? In my case it's
the oamp contactform I am concerned about.
Maybe there is a regex, for the additional validation, as a workaround
solution for now.
regards
Manfred Schenk wrote:
> Arash Kaffamanesh wrote:
>
>> Dear all,
>> dear Alkacon Team,
>>
>> I found the following issue about OpenCms (7.5.0) - Vulnerability:
>> Cross-Site Scripting, Phishing Through Frames, Application Error:
>>
>> http://www.securityfocus.com/archive/1/505547
>>
>> I think this issue affects only OpenCms 7.5.0, but most likely not
>> OpenCms 6.2.3 or 7.0.5 versions? Right?
>>
>
> I just tried the examples given in the article above on my 7.5.0
> installation and could not reproduce the mentioned results when
> I'm not logged into the workplace.
> If I'm logged in and then enter the URL from the example, I can reproduce
> it with 7.5.0.
>
> I think this should be fixed as soon as possible. Perhaps the fix for
> this issue can be packaged together with the JavaScript fixes from the
> last few weeks into a bugfix release in the near future.
>
> Regards,
> Manfred