Jamroom Logo Jamroom 5 Core
is now Open Source!
Follow Jamroom on Twitter!

XSS vulnerability in forum.php script
Resolved
Affects: Jamroom Power Pack
Priority: High
Created: 06/22/10 19:26
Resolved: 06/24/10 03:37
Created By: Brian
Details
the Jamroom Power pack forum.php script does not fully sanitize the "post_id" variable, which leaves it open to a specially crafted XSS attack.

http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html

This was fixed in Jamroom 4.1.9 on June 2nd, 2010
Resolution
This was fixed in Jamroom 4.1.9 - if you are running an older version of the Jamroom 4 Power Pack addon, make sure and at least upgrade to the latest release of the "forum.php" script found in the Power Pack 4.1.9 download.
Solutions Products Support Community Company
Social Media Platform
Social Networking Software
Musician Website Manager
Community Builder
Jamroom 5
Jamroom 5 Modules
Jamroom Marketplace
Support Forum
Documentation
Support Center
Contact Support
Community Forum
Member Sites
Developers
About Us
Contact Us
Privacy Policy
©2003 - 2024 The Jamroom Network