
XOOPS Cube Legacy 2.1.6a (security release) Released!

minahito submitted 2009/4/2 12:00, published 2009/4/2 12:00 | 25742 views

The project has released XOOPS Cube Legacy 2.1.6a, a security release for XCL 2.1.6 or less. You can download the 2.1.6a full package, the diff package from 2.1.6 to 2.1.6a, and the patch package for 2.1.5 or less.

This XSS security hole is rated level 2 in seriousness on our security range. The project recommends that you update as early as possible.

XOOPS Cube Legacy XSS vulnerability

A cross site scripting (XSS) vulnerability was found in XOOPS Cube Legacy. It is recommended that all websites running XOOPS Cube Legacy version 2.1.6 or earlier apply the security patch or edit custom template files to fix the vulnerability.

If you are using the Hodajuku distribution or have the Protector module installed on XOOPS Cube Legacy, then your website is probably not vulnerable to this issue.

[Affected versions]
- XOOPS Cube Legacy 2.1.6 or earlier

[Summary of the vulnerability]
A cross site scripting (XSS) vulnerability is a security vulnerability which allows script injection by malicious web users into the web pages viewed by other users.

[How to apply the patch]
- For users using XOOPS Cube Legacy 2.1.6
Download and uncompress the 2.1.6a diff package, and then upload the files included in the html directory to the server. If the patch is applied correctly, the version should display as XOOPS Cube Legacy 2.1.6a.

- For users using XOOPS Cube Legacy 2.1.5 or earlier
There is a different diff package available for these versions. Download and uncompress the patch package, and then upload the files included in the html directory to the server. The package also includes other security fixes that have been added up until 2.1.6. However, it is recommended that you upgrade to the latest 2.1.6a version if possible.

[Notes]
If you are unsure about where to upload the files, please contact the community websites and ask the people there for help first before actually applying the patch!

- Full Package 2.1.6a
- Diff Package from 2.1.6 to 2.1.6a
- Patch for 2.1.5 or less

Onokazu will translate an official security announcement later.
