XSS Security Issue in PackageController fixed

Datum: 06.03.2020 21:23

A cross-site-scripting security issue in the uninstall package feature was reported by Ngo Van Thien, Sun* Inc.

Since this vulnerability requires a user to be authenticated this is only a low impact security issue for most sites.

The issue affects UliCMS Version 2018.4 to 2020.1.
The security hotfix FixPackageControllerXSS was released for UliCMS 2019.4 to 2020.1.
If you still use an older release of UliCMS you should upgrade to a supported version and then install the patch.

Version 2020.2 will include the fix at release state.

« UliCMS 2020.1 with avatar upload, improved performance and support to set robots metatag by pageStored XSS security flaw in PageController fixed »

Comments

Name: *  
Homepage:  
Email: *  

 Ich habe die Datenschutzerklärung zur Kenntnis genommen. Ich stimme zu, dass meine Angaben und Daten zur Beantwortung meiner Anfrage elektronisch erhoben und gespeichert werden. Hinweis: Sie können Ihre Einwilligung jederzeit für die Zukunft per E-Mail an daten-entfernen@ulicms.de widerrufen.

There is 1 Comment until now.

#1

Gravatar Ngo Van Thien

Name: Ngo Van Thien
Date: 19.03.2020 07:30

Reflected XSS is confirmed but Store XSS is not

Don't click this link