[opencms-dev] OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error

Alexander Kandzior alex at opencms.org
Mon Aug 10 10:04:28 CEST 2009


Hi all,

regarding those reported security issues:

>> I found the following issue about OpenCms (7.5.0) - Vulnerability:
>> Cross-Site Scripting, Phishing Through Frames, Application Error:
>> 
>> http://www.securityfocus.com/archive/1/505547

> I just tried the examples given in the article above on my 7.5.0
> installation and could not reproduce the mentioned results in the case
> where I'm not logged into the workplace.
> If I'm logged in and then enter the URL from the example, I can reproduce
> it with 7.5.0.

We will certainly address and fix these issues in an upcoming 7.5.1 release.


Please note that the security risk of these issues is rather low, since it
can only be exploited by a user that already has a workplace login. Now
since this usually is a very small group of people, the risk of this issue
being actually exploited is quite small.

Again, we take these issues seriously and will provide a fix in the future.
However, we don't feel we have to rush a release because of that.

Kind Regards,
Alex.
 
-------------------
Alexander Kandzior
                                                              
Alkacon Software GmbH  - The OpenCms Experts                 
http://www.alkacon.com - http://www.opencms.org                  





