XOOPS Cube Legacy 2.1.6a (security release) Released!
XOOPS Cube Legacy XSS vulnerability
A cross-site scripting (XSS) vulnerability was found in XOOPS Cube Legacy. It is recommended that all websites running XOOPS Cube Legacy version 2.1.6 or earlier apply the security patch or edit custom template files to fix the vulnerability.
If you are using the Hodajuku distribution or have the Protector module installed on XOOPS Cube Legacy, then your website is probably not vulnerable to this issue.
[Affected versions]
- XOOPS Cube Legacy 2.1.6 or earlier
[Summary of the vulnerability]
A cross-site scripting (XSS) vulnerability is a security vulnerability that allows malicious web users to inject script into web pages viewed by other users.
[How to apply the patch]
- For users using XOOPS Cube Legacy 2.1.6
Download and uncompress the 2.1.6a diff package, and then upload the files included in the html directory to the server. If the patch is applied correctly, the version should display as XOOPS Cube Legacy 2.1.6a.
- For users using XOOPS Cube Legacy 2.1.5 or earlier
There is a different diff package available for these versions. Download and uncompress the patch package, and then upload the files included in the html directory to the server. The package also includes other security fixes that have been added up until 2.1.6. However, it is recommended that you upgrade to the latest 2.1.6a version if possible.
If you are unsure about where to upload the files, please ask for help on the community websites before actually applying the patch!
- Full Package 2.1.6a
- Diff Package from 2.1.6 to 2.1.6a
- Patch for 2.1.5 or earlier
Onokazu will translate an official security announcement later.