Security - cross-site scripting

This website can use cookies to improve the user experience

This website can use cookies to improve the user experience and to provide certain services and functions to users. Cookies contain small amounts of information (such as login information and user preferences) and will be stored on your device.

Enable All Cookies Privacy Policy

Security - cross-site scripting

General Questions 916 This topic was started by Maxpower, 2005-12-30 12:42

Maxpower 0
From: -
2005-12-30 12:42

Security - cross-site scripting

Hi,
Have you seen this - http://secunia.com/advisories/18130/ - Esselbach Storyteller CMS System "query" Cross-Site Scripting? Is there a fix available?
Tnx!

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic

1 Re: Security - cross-site scripting

Philipp

Administrator

1340
From: Vienna, Austria
2005-12-31 17:45

Security - cross-site scripting

No one informated me about this Slightly Frowning Face

Open search.php and replace:

$query = ScriptEx(checkvar($query));

with:
[code|$query = htmlentities(ScriptEx(checkvar($query)));
I will released an updated version as soon I return to the office.

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.