This website can use cookies to improve the user experience

This website can use cookies to improve the user experience and to provide certain services and functions to users. Cookies contain small amounts of information (such as login information and user preferences) and will be stored on your device.

Enable All Cookies Privacy Policy

Security - cross-site scripting


avatar
Maxpower 0
From: -
Security - cross-site scripting

Hi,
Have you seen this -  http://secunia.com/advisories/18130/ - Esselbach Storyteller CMS System "query" Cross-Site Scripting? Is there a fix available?
Tnx!

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic


1 Re: Security - cross-site scripting
avatar
Administrator
1342
From: Austria
Security - cross-site scripting

No one informated me about this Slightly Frowning Face

Open search.php and replace:
$query = ScriptEx(checkvar($query));


with:
[code|$query = htmlentities(ScriptEx(checkvar($query)));
I will released an updated version as soon I return to the office.

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.