Alert("XSS BUG")

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Locked
sjgrafx

Alert("XSS BUG")

Post by sjgrafx »

Hello everyone,

I've just had this comment left on my test site

Alert("XSS BUG")

I am using CMSms 1.0.6. Can anyone tell me what this means, and, more importantly, how to fix it?

the URL to my site is:
http://www.sjgrafx.co.uk/cms

thanks in advance,
Steve.
Top
skypanther

Re: Alert("XSS BUG")

Post by skypanther »

XSS = cross site scripting, in other words, a security hole in CMS-MS. You should upgrade to 1.0.8 as I know a couple of XSS attacks were fixed in that version as compared to 1.0.6. If it happens again, submit a bug report so that the dev team can find and plug the hole.

Tim
Top
sjgrafx

Re: Alert("XSS BUG")

Post by sjgrafx »

Thanks, Tim,

Just upgraded to 1.0.8.......
Let's see if it happens again......

what sort of things are vulnerable with these "holes"?

Steve.
Top
Locked

Return to “CMSMS Core”