
Question Cross-Site Scripting Problem (Java)

4 years 7 months ago - 4 years 7 months ago #1 by reufelss
Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be executed in the header.

We tested it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan
Last edit: 4 years 7 months ago by reufelss. Reason: incl. Images

4 years 7 months ago #2 by rich
You have tried to add images here: www.kunena.org/forum/76-Official-Announc...curity-update#211132
Please add the images again here, but do not use the browser back option if you want to add images; otherwise the attachments will not be uploaded.

4 years 7 months ago #3 by YourFavoriteSpamBot

reufelss wrote: Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be executed in the header.

We tested it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan


Got more information e.g. exact location or some screenshots?
If there is still any issue I'm interested to know more (yet, this might not be the right place to publicly discuss security issues^^)
