OpenCMS - Cross site scripting

View: New views

2 Messages — Rating Filter: Alert me

OpenCMS - Cross site scripting

by Hegde, Asha :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Some parts of this message have been removed. Learn more about Nabble's security policy.

Dear Team,

In one of the website it is mentioned that OpenCms is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the users_list.jsp script.

Pls confirm whether opencms has released any patch for this vulnerability.

Thanks and regards,
Asha Hegde
Project Lead
TATA - AIG (ROS)
É 6142 3659

IMPORTANT NOTICE:
The information in this email (and any attachments) is confidential. If you are not the intended recipient, you must not use or disseminate the information. If you have received this email in error, please immediately notify me by "Reply" command and permanently delete the original and any copies or printouts thereof. Although this email and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by American International Group, Inc. or its subsidiaries or affiliates either jointly or severally, for any loss or damage arising in any way from its use.

_______________________________________________
This mail is sent to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://lists.opencms.org/mailman/listinfo/opencms-dev

Re: OpenCMS - Cross site scripting

by Tobias Herrmann :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Dear Asha,

as stated in the release notes of the current version 7.5.1 of OpenCms
we have fixed several issue regarding cross-site scripting.

Please see for yourself:
http://www.opencms.org/en/news/091001_v751_releasenotes.html

Greetings, Tobias

Alkacon Software GmbH - The OpenCms Experts
Tobias Herrmann

http://www.alkacon.com
http://www.opencms.org

Hegde, Asha schrieb:

>
> Dear Team,
>
>
>
> In one of the website it is mentioned that OpenCms is vulnerable to
> cross-site scripting, caused by improper validation of user-supplied
> input by the users_list.jsp script.
>
>
>
> Pls confirm whether opencms has released any patch for this vulnerability.
>
>
>
> **Thanks and regards,***
> **Asha Hegde**
> **Project Lead**
> **TATA - AIG (ROS) ****
> *É **6142 3659**
>
> IMPORTANT NOTICE:
> The information in this email (and any attachments) is confidential.
> If you are not the intended recipient, you must not use or disseminate
> the information. If you have received this email in error, please
> immediately notify me by "Reply" command and permanently delete the
> original and any copies or printouts thereof. Although this email and
> any attachments are believed to be free of any virus or other defect
> that might affect any computer system into which it is received and
> opened, it is the responsibility of the recipient to ensure that it is
> virus free and no responsibility is accepted by American International
> Group, Inc. or its subsidiaries or affiliates either jointly or
> severally, for any loss or damage arising in any way from its use.
> ------------------------------------------------------------------------
>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev