
Cross Site Scripting Flaw

Time: 22.09.2011 / By: xssroot / Hits: 594

Browsers: Firefox, Chrome

Priority: 5 Status: Closed Resolution: None

Description:

Attackers can send crafted messages to other users. For example, by sending malicious code using an iframe. I have attached one sample screenshot. Please have a check and fix it asap...

 

Thanks

Hari

 

Attachment:

attach

Votes Up: 0 Votes Down: 0 Rating: 0


(3) Visitor Comments

  1. Jerome Posted: 22.09.2011 : 05:14 PM

    Thank you very much for this report, I will check and provide a fix asap!

  2. Jerome Posted: 23.09.2011 : 02:24 PM

    So fixed: This was quite a tricky one, thank you xssroot for pointing me in the right direction.

    In PM the previous text is displayed in the tinymce editor as a quote, and it will actually show the iframe as it is. tinymce converts the HTML code into real HTML, and that is bad for an iframe with bad content. This is now fixed in the current version, no more iframes allowed in the tinymce editor!

    You can download the package again or upload these two files from this security fix package.

    iframe fix for tinyMCE

  3. xssroot Posted: 23.09.2011 : 02:51 PM

    Yeah, didn't expect a patch so fast... Respect*. Thank you for fixing the issue.

    -xssroot

    hari_kris02@yahoo.com
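
The quoting problem described in comment 2 can also be handled before the previous message is handed to the editor, so the outcome does not depend on the editor's own element filter. This is an added example, not JAKCMS code and not the fix that was shipped; the function names, the tag allowlist and the sample message are assumptions constructed for illustration.

```javascript
// Added example (hypothetical names): prepare a quoted private message for a
// WYSIWYG editor so that only attribute-free allowlisted tags remain markup.
const ALLOWED_TAGS = ["b", "i", "em", "strong", "u", "p", "br"];

// Encode every character that can open or shape markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Escape the whole message first, then restore only exact allowlisted tags.
// A tag with attributes, or any other element (iframe, script, object),
// never matches the pattern and therefore stays inert text.
function sanitizeQuotedMessage(html) {
  const tagPattern = new RegExp(
    "&lt;(/?)(" + ALLOWED_TAGS.join("|") + ")\\s*/?&gt;", "gi");
  return escapeHtml(html).replace(tagPattern,
    (_, slash, name) => "<" + slash + name.toLowerCase() + ">");
}

// Build the HTML that is loaded into the reply editor.
function buildQuote(author, previousMessageHtml) {
  return "<blockquote><p>" + escapeHtml(author) + " wrote:</p>" +
    sanitizeQuotedMessage(previousMessageHtml) + "</blockquote><p></p>";
}

// Constructed sample input: a message body carrying an iframe.
const SAMPLE_MESSAGE =
  'Hi <b>there</b><iframe src="https://example.invalid/x"></iframe>';

console.log(buildQuote("sender", SAMPLE_MESSAGE));
```

Output encoding is still needed wherever the stored message is displayed outside the editor; this function only covers the quote-in-reply path.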