PEAK XOOPS - XSS in piCal-0.91h in englishin japanese

Archive | RSS |
XOOPS
XOOPS : XSS in piCal-0.91h
Poster : GIJOE on 2009-02-23 04:40:20 (45175 reads)

in englishin japanese
a XSS is found in piCal-0.91h

You'd better to select just ONE of these actions

(1) update piCal into the latest version >= 0.92
- recommend for site owners using piCal as is

(2) overwrite just piCal/index.php in the latest archive
- recommend for site owners using piCal with some hacks

(3) patch piCal/index.php manually
- recommend for experts. it's an easy patch

line 154 in index.php


		$xoopsTpl->assign( 'print_link' , "$mod_url/print.php?event_id={$_GET['event_id']}&action=View" ) ;
		$xoopsTpl->assign( 'print_link' , "$mod_url/print.php?event_id=".intval($_GET['event_id'])."&action=View" ) ;


If you use Protector and turning "enable anti-XSS (BigUmbrella)" on, don't worry about it. The feature of "anti-XSS" can protect attacks via XSS entirely.

Anyway, you'd better update piCal if you use older piCal.

And I strongly recommend you to turn "enable anti-XSS (BigUmbrella)" on, even if you use piCal.

0 comments
Printer friendly page Send this story to a friend

Comments list

View more comments...
Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!