http://siteframe.org/security <p>Notices and information about enhancing security for your Siteframe website.</p> en-US &copy;2005-7 Glen Campbell Sat, 11 Feb 2006 15:38:33 PST Siteframe 5.0.6 webmaster@siteframe.org http://blogs.law.harvard.edu/tech/rss 30 In search.php, an unmodified $_GET variable is assigned to a Smarty variable, where it can be displayed on a page. A malicious intruder could insert evil Javascript into the query string and execute it from the page. IMMEDIATE FIX On line 64 of search.php, wrap the $_GET['q'] in the... Sat, 11 Feb 2006 15:38:33 PST http://siteframe.org/p/xss_vulnerability_in_siteframe_501 http://siteframe.org/p/xss_vulnerability_in_siteframe_501 security xss Siteframe has, unfortunately, been shown to be vulnerable to cross-site scripting attacks. In this case, an attacker from a remote site can use a security hole in Siteframe to access files on the attacked computer.There is a fix; you need to edit the file web/siteframe.php and change this line... Sat, 26 Nov 2005 22:40:46 PST http://siteframe.org/p/siteframe_3_crosssite_scriptiong_xss_vulnerability http://siteframe.org/p/siteframe_3_crosssite_scriptiong_xss_vulnerability security siteframe xss