Bugtraq mailing list archives
Re: Xoops RC3 script injection vulnerability fixed
From: Sergio <w4z002 () hotmail com>
Date: 26 Sep 2002 14:58:20 -0000
In-Reply-To: <200209241358.g8ODwqx97021 () mailserver2 hushmail com>

RC3.0.5 is released to fix a security vulnerability recently posted on Bugtraq ML.

Overview
=======
There was a vulnerability when a user previews/submits a news in the News module, HTML tags were allowed to process.

Solution
=======
All users are strongly recommended to download the following packages and upgrade to this version.

[b][u][size=large]New Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/viewcat.php?cid=16]Download Full RC3.0.5 Package[/url]

[b][u][size=large]RC3.0.4 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]

[b][u][size=large]RC3.0.3 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]

[b][u][size=large]RC3.0.2 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=173]Download RC3.0.2->RC3.0.3 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=172]Download RC3.0.2->RC3.0.3 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]

[b][u][size=large]RC3.0.1 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=167]Download RC3.0.1->RC3.0.2 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=173]Download RC3.0.2->RC3.0.3 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=160]Download RC3.0.1->RC3.0.2 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=172]Download RC3.0.2->RC3.0.3 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]

[b][u][size=large]RC3.0.0 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=161]Download RC3.0.0->RC3.0.1 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=167]Download RC3.0.1->RC3.0.2 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=173]Download RC3.0.2->RC3.0.3 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=168]Download RC3.0.0->RC3.0.1 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=160]Download RC3.0.1->RC3.0.2 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=172]Download RC3.0.2->RC3.0.3 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]

Note
======
From this release, users are not allowed to use HTML tags when posting
news/comments. As for forum posts, users can still use HTML as long as HTML tags are enabled in the posting forum. However, we advise you to always disable HTML posts in forums as well.
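
An added illustration of the posting policy described in the Note above, not part of the original message and not XOOPS code: user text is HTML-escaped on output unless a per-forum flag allows HTML, and formatting is offered through a small BBCode whitelist instead. The function name `render_user_text`, the `$allowHtml` flag and the sample post are hypothetical.

```php
<?php
// Added example, not XOOPS code. Names and the sample input are hypothetical.

/**
 * Render user-submitted text for inclusion in an HTML page.
 * $allowHtml models the per-forum "HTML enabled" setting; news and
 * comment rendering should always pass false.
 */
function render_user_text(string $text, bool $allowHtml = false): string
{
    if ($allowHtml) {
        // Raw pass-through: whatever markup the user typed reaches the
        // browser, which is why the note advises disabling it in forums too.
        return $text;
    }

    // 1. Neutralise all HTML: <, >, &, " and ' become entities.
    $out = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

    // 2. Re-introduce a fixed set of formatting tags via BBCode.
    $out = preg_replace('#\[b\](.*?)\[/b\]#is', '<b>$1</b>', $out);
    $out = preg_replace('#\[u\](.*?)\[/u\]#is', '<u>$1</u>', $out);

    // 3. [url=...] becomes a link only for http/https targets.
    $out = preg_replace_callback(
        '#\[url=(.*?)\](.*?)\[/url\]#is',
        function (array $m): string {
            if (!preg_match('#^https?://[^\s"\'<>]+$#i', $m[1])) {
                return $m[0]; // leave the escaped BBCode as visible text
            }
            // $m[1] and $m[2] were already entity-escaped in step 1.
            return '<a href="' . $m[1] . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $out
    );

    return nl2br($out);
}

// Constructed sample submission mixing BBCode, raw HTML and a non-http URL.
$post = "[b]Release[/b] <script>alert(1)</script>\n"
      . "[url=http://www.xoops.org/]site[/url] [url=javascript:alert(1)]x[/url]";

echo render_user_text($post), "\n";
```

Escaping runs before the BBCode pass, so the only tags in the output are the ones the renderer itself emits.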