CMS Development Tracking

February 7th, 2008

The Freetag plugin has been updated to version 2.96 to fix a possible XSS to the tagcloud output.

XSS attacks can be used by visitors to display foreign HTML or JavaScript to visitors of the blog, if they visit specially crafted URLs. This attack basically allows for cookie stealing.

Users of the freetag plugin should upgrade to the latest version; upgrading via Spartacus-Plugin or Spartacus.s9y.org is just a matter of a few minutes. Thanks to Alex from Bitsploit.de for reporting this issue to us.

Related CMS news:

Serendipity 1.2.1 released

Netmirror.org Outage, Spartacus affected.

Serendipity 1.1.4 released, security bug in entryproperties plugin

Posted on Thursday, February 7th, 2008. Filed under Serendipity.

February 7th, 2008

Freetag plugin updated to prevent XSS

About AllCMS.org

CMS in development:

b2evolution

Dragonfly

Drupal

e107

Exponent

Geeklog

Joomla!

Mambo

Nucleus

Nuke-Evolution

PostNuke

Serendipity

TextPattern

Wordpress

Xaraya

XOOPS

XOOPS Cube

CMS in development:

CMS Development Tracking

February 7th, 2008

Freetag plugin updated to prevent XSS

About AllCMS.org

CMS in development: b2evolution Dragonfly Drupal e107 Exponent Geeklog Joomla! Mambo Nucleus Nuke-Evolution PostNuke Serendipity TextPattern Wordpress Xaraya XOOPS XOOPS Cube

CMS in development:

CMS in development:

b2evolution

Dragonfly

Drupal

e107

Exponent

Geeklog

Joomla!

Mambo

Nucleus

Nuke-Evolution

PostNuke

Serendipity

TextPattern

Wordpress

Xaraya

XOOPS

XOOPS Cube