Scoutnet vzw

We connect scouts!
Het is momenteel 19 Mrt 2024 6:16

Alle tijden zijn UTC + 1 uur




Plaats een nieuw onderwerp Reageren op dit onderwerp  [ 1 bericht ] 
Auteur Bericht
BerichtGeplaatst: 03 Apr 2008 21:57 
Offline
Site Admin
Site Admin
Gebruikers-avatar

Geregistreerd: 17 Jul 2002 23:00
Berichten: 1522
Woonplaats: Wetteren
------------SA-2008-023 - UBERCART - CROSS SITE SCRIPTING------------

* Advisory ID: DRUPAL-SA-2008-023
* Project: Ubercart (third-party module)
* Version: 5.x
* Date: 2008-April-02
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Cross site scripting

------------DESCRIPTION------------

During checkout in Ubercart enabled stores, customers have text fields in which to enter their address and order information. Some stores will have modules enabled that restrict what sort of values are accepted in these fields, but this is not the case for everyone. This provides an opportunity for a malicious user to perform a cross site scripting attack when the orders are displayed on administrative pages (particularly the order view page).

All users are encouraged to update to the latest version. Be sure to verify the compatibility of your contrib modules as you perform the update. (Recent beta users should not run into any compatibility issues.)

------------VERSIONS AFFECTED------------

* Ubercart for Drupal 5.x prior to 5.x-1.0-rc1

Drupal core is not affected. If you do not use the contributed Ubercart module, there is nothing you need to do.

------------SOLUTION------------

Install the latest version:

* Ubercart 5.x-1.0-rc1 [ http://drupal.org/node/241016 ].

See also the Ubercart project page [ http://drupal.org/project/ubercart ].

------------REPORTED BY------------

chadcrew [ http://www.ubercart.org/user/1002 ] reported the issue via private message at Ubercart.org, and the Ubercart team was able to adjust the code in various modules in the project accordingly.

------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ].


Omhoog
 Profiel  
 
Berichten weergeven van de afgelopen:  Sorteer op  
Plaats een nieuw onderwerp Reageren op dit onderwerp  [ 1 bericht ] 

Alle tijden zijn UTC + 1 uur


Wie is er online?

Gebruikers in dit forum: Geen geregistreerde gebruikers en 4 gasten


U mag geen nieuwe onderwerpen plaatsen in dit forum
U mag geen reacties plaatsen op onderwerpen in dit forum
U mag uw berichten niet wijzigen in dit forum
U mag uw berichten niet verwijderen in dit forum
U mag geen bijlagen plaatsen in dit forum

Zoeken naar:
Ga naar:  
cron
Powered by phpBB® Forum Software © phpBB Group
Vertaald door phpBBservice.nl.