Tag: xss
XSS Vulnerability in Siteframe 5.0.1
In search.php, a $_GET variable is assigned unmodified to a Smarty variable, which can then be displayed on a page. An attacker could insert malicious JavaScript into the query string and have it execute from the page.
IMMEDIATE FIX
On line 64 of search.php, wrap $_GET['q'] in the htmlentities() function:
$PAGE->assign('search_string',...
glen / Security / February 11, 2006 at 15:38
Siteframe 3: Cross-Site Scripting (XSS) Vulnerability
Siteframe has, unfortunately, been shown to be vulnerable to cross-site scripting attacks. In this case, an attacker from a remote site can use a security hole in Siteframe to access files on the attacked computer. There is a fix; you need to edit the file web/siteframe.php and change this line (which appears near line 20 at the top of the file): if ($LOCAL_PATH ==...
glen / Security / November 26, 2005 at 22:40
