miniBB Support Forums | 16 years on The Web

Possible XSS in members list add-on

Author Guest
#1 | Posted: 29 Jul 2008 18:39 
Is this something to worry about? I get the same result in my forum and I am using an older version.

Author Guest
#2 | Posted: 29 Jul 2008 23:01 
I also just found this:

Any fix?

Author Paul
Lead Developer
#3 | Posted: 30 Jul 2008 03:14 
"plugin Rss Remote File Inclusion Vulnerability" from your second post was fixed in the RSS add-on a long time ago.

Regarding the first XSS bug - this affects only the Memberlist add-on and nothing else, and I wouldn't say there is something critical because such an approach doesn't affect the database anyway. However, I know there are some cases when it's possible to steal a cookie that way and perform other impossible tasks, so I've just fixed the affected memberlist add-on with the following line:

$uniV=$memberSearchVal=htmlspecialchars($memberSearchVal, ENT_QUOTES);

which is put instead of

$uniV=htmlspecialchars($memberSearchVal, ENT_QUOTES);

The package in downloads is fixed as well.

Thank you for mentioning.
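
The effect of the one-line change in post #3, as an added example that is not part of the thread or of miniBB's code. It assumes the add-on prints `$memberSearchVal` somewhere in addition to `$uniV`; `render_search_form`, `has_raw_markup` and the sample input are hypothetical.

```php
<?php
// Added illustration, not miniBB source.

// Old line: only $uniV receives the escaped copy; $memberSearchVal stays raw.
function before_fix(string $memberSearchVal): array {
    $uniV = htmlspecialchars($memberSearchVal, ENT_QUOTES);
    return [$uniV, $memberSearchVal];
}

// Fixed line from post #3: both variables now hold the escaped value.
function after_fix(string $memberSearchVal): array {
    $uniV = $memberSearchVal = htmlspecialchars($memberSearchVal, ENT_QUOTES);
    return [$uniV, $memberSearchVal];
}

// Hypothetical template; assumes the page outputs both variables.
function render_search_form(string $uniV, string $memberSearchVal): string {
    return '<input type="text" name="memberSearchVal" value="' . $uniV . '">' . "\n"
         . '<p>Results for: ' . $memberSearchVal . '</p>';
}

// True when the request value appears in the HTML byte-for-byte, i.e. unescaped.
function has_raw_markup(string $html, string $input): bool {
    return $input !== '' && strpos($html, $input) !== false;
}

// Constructed search value containing a quote and tag delimiters.
$input = '"><b>test</b>';

foreach (['before_fix', 'after_fix'] as $variant) {
    [$uniV, $val] = $variant($input);
    $html = render_search_form($uniV, $val);
    printf("%-10s raw input reflected: %s\n",
           $variant, has_raw_markup($html, $input) ? 'yes' : 'no');
}
```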

This topic is closed. New replies are not allowed.