LxCenter HyperVM & Kloxo Support

XSS issue in custom buttons and favorites. [message #61819] Fri, 10 April 2009 13:48
Lxhelp

There was a silly XSS problem with custom buttons and favorites, where someone could add a <script> </script> as a button which could make hyperVM/Lxadmin redirect the entire page to that particular page.

There is only one situation where it can be used as XSS: if admin very specifically logs in as another user.

Other than that, this is not an issue, since only admin can add custom buttons, and only the logged-in user can add favorites.

This has been fixed.

Please update hyperVM/Lxadmin to the latest version.
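
The class of bug described in the post above, shown as an added PHP example that is not part of the original post and not HyperVM/Lxadmin code. The post does not describe the actual fix, so the function names, the array layout and the sample favorites are all hypothetical.

```php
<?php
// Added illustration only: every name here is hypothetical, none is taken from HyperVM/Lxadmin.

// Vulnerable pattern: stored label and URL are concatenated into the page as-is,
// so markup saved by one account runs in the session of whoever views it.
function render_button_unsafe(array $btn): string
{
    return '<a href="' . $btn['url'] . '">' . $btn['label'] . '</a>';
}

// Encode a value for use in HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs or site-relative paths; anything else
// (javascript:, data:, protocol-relative, control characters) becomes "#".
function safe_href(string $url): string
{
    $ok = preg_match('#^(?:https?://|/(?![/\\\\]))[^\s\x00-\x1f]*\z#i', $url) === 1;
    return $ok ? $url : '#';
}

// Hardened pattern: validate the URL, then encode both values on output.
function render_button_safe(array $btn): string
{
    return '<a href="' . h(safe_href($btn['url'])) . '">' . h($btn['label']) . '</a>';
}

// Constructed sample: favorites saved by a user account and later rendered
// when the admin logs in as that user.
$favorites = [
    ['label' => 'Backups', 'url' => '/example/backups'],
    ['label' => '<script>/* constructed placeholder */</script>', 'url' => 'javascript:void(0)'],
];

foreach ($favorites as $fav) {
    echo 'unsafe: ', render_button_unsafe($fav), "\n";
    echo 'safe:   ', render_button_safe($fav), "\n";
}
```

In the safe output the second favorite renders as inert text with `href="#"`, while the unsafe output passes the stored tag through to the viewing admin's browser unchanged.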



