miniBB Support Forums | 15 years on The Web
miniBB ®


 | Forums | Register | Reply | Search | Statistics | Manual |
News & Announcements miniBB Support Forums / News & Announcements /   

Memberlist add-on updated (XSS issue)

Author Paul
Lead Developer
#1 | Posted: 6 Oct 2008 04:54 | Edited by: Paul 
Members list add-on for miniBB was recently updated because of the possible XSS attack. Despite this issue is very minor and hard to achieve the proper effect, we recommend everybody using this add-on make necessary update of the core addon_members2.php file.

In this file, there are two line fixes of the received variable output:



$morder=(isset($_GET['morder'])?htmlspecialchars($_GET['morder'], ENT_QUOTES):'username');




$memberSearch=(isset($_GET['memberSearch'])?htmlspecialchars($_GET['memberSearch'], ENT_QUOTES):'');

I don't know whom to thank for discovering of this issue because we have received few simultaneous reports from various sources regarding it. Anyway to whom it may appeal: thank you :-)

Let us know if the patch applied will bring new issues.

News & Announcements miniBB Support Forums / News & Announcements /
 Memberlist add-on updated (XSS issue)
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message

You are welcome to post anonymously, by entering a nickname with no password (if the similar Username has not been taken yet), or by leaving both fields empty. If you have a forums account, you can also sign in from this page without posting a message, or sign in and post at once.

Before posting, make sure your message is compliant with our forum posting rules. If not, it may be locked or deleted with no explanation.

miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Get the Captcha add-on: protect your miniBB-forums from the automated spam and flood.