Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Xoops RC3 script injection vulnerability fixed
From: Sergio <w4z002 () hotmail com>
Date: 26 Sep 2002 14:58:20 -0000
In-Reply-To: <200209241358.g8ODwqx97021 () mailserver2 hushmail com>

RC3.0.5 is released to fix a security vulnerability recently posted on 
Bugtraq ML.

Overview
=======
There was a vunerability when a user previews/submits a news in the News 
module, HTML tags were allowed to process.


Solution
=======
 All users are strongly recommended to download the following packages and 
upgrade to this version.

[b][u][size=large]New Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/viewcat.php?cid=16]Download 
Full RC3.0.5 Package[/url]

[b][u][size=large]RC3.0.4 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]
Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]

[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]
Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]


[b][u][size=large]RC3.0.3 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]
Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]
Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]

[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]
Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]
Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]


[b][u][size=large]RC3.0.2 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=173]
Download RC3.0.2->RC3.0.3 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]
Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]
Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]

[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=172]
Download RC3.0.2->RC3.0.3 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]
Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]
Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]


[b][u][size=large]RC3.0.1 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=167]
Download RC3.0.1->RC3.0.2 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=173]
Download RC3.0.2->RC3.0.3 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]
Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]
Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]

[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=160]
Download RC3.0.1->RC3.0.2 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=172]
Download RC3.0.2->RC3.0.3 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]
Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]
Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]


[b][u][size=large]RC3.0.0 Users[/size][/u][/b]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=161]
Download RC3.0.0->RC3.0.1 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=167]
Download RC3.0.1->RC3.0.2 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=173]
Download RC3.0.2->RC3.0.3 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=187]
Download RC3.0.3->RC3.0.4 Upgrade Package (zip)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=232]
Download RC3.0.4->RC3.0.5 Upgrade Package (zip)[/url]

[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=168]
Download RC3.0.0->RC3.0.1 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=160]
Download RC3.0.1->RC3.0.2 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=172]
Download RC3.0.2->RC3.0.3 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=186]
Download RC3.0.3->RC3.0.4 Upgrade Package (tar.gz)[/url]
[url=http://www.xoops.org/modules/mydownloads/singlefile.php?lid=231]
Download RC3.0.4->RC3.0.5 Upgrade Package (tar.gz)[/url]


Note
======

From this release, users are not allowed to use HTML tags when posting 

news/comments. As for forum posts, users can still use HTML as long as  
HTML tags are enabled in the posting forum. However, we advise you to 
always disable HTML posts in forums as well.

  By Date           By Thread  

Current thread:
  • Re: Xoops RC3 script injection vulnerability fixed Sergio (Sep 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]