Xoops MyTextSanitizer HTML injection vulnerability

by Mario Miri on May 13th, 2003

It has been reported that some versions of Xoops are prone to HTML/script injection attacks due to insufficient sanitization of user-supplied data in the MyTextSanitizer script. The injected HTML/script code would be interpreted in the web browsers of legitimate users.


Vulnerable:
Xoops 1.3.5
Xoops 1.3.6
Xoops 1.3.7
Xoops 1.3.8
Xoops 1.3.9
Xoops 2.0
Xoops 2.0.1


Solution:
Versions 1.3.10 and 2.0.2 address this issue. Users are advised to upgrade.
Xoops 1.3.10 => http://www.xoops.org/modules/mydownloads/viewcat.php?cid=16
Xoops 2.0.2 => http://www.xoops.org/modules/mydownloads/viewcat.php?cid=26


Discovered by:
magistrat, [email protected]

