CMS Development Tracking

A minor security vulnerability was reported where a malicious user could create an account using certain tags as their username, firstname, lastname or email address which would cause javascript errors in the user administration interface.

This patch will update the files to necessary to clean the data before it gets added to the database to safeguard against these attacks.

This vulnerability applies to all versions of Exponent. Patches have made for all releases, including the 97.0-Alpha.

The patch can be applied using the Extension Upload utility or you can simply unzip the package in your root Exponent directory to overwrite the old files with the new patched versions.

The patch can be downloaded here.

Related CMS news:

Security Patch for 0.96.6

Security Fix and Performance Enhancements

RSS Patch Updated

Posted on Thursday, April 17th, 2008. Filed under Exponent. You can skip to the end and leave a response. Pinging is currently not allowed.

April 17th, 2008

Security Patch Released

Leave a Reply

About AllCMS.org

CMS in development:

b2evolution

Dragonfly

Drupal

e107

Exponent

Geeklog

Joomla!

Mambo

Nucleus

Nuke-Evolution

PostNuke

Serendipity

TextPattern

Wordpress

Xaraya

XOOPS

XOOPS Cube

CMS in development: