A vulnerability in Jease version 2.8 (and probably prior versions) has been discovered which can be exploited to perform cross-site scripting (XSS) attacks. Advisory details were published on the High-Tech Bridge Security Advisories page.
The cross-site scripting (XSS) vulnerability in Jease (CVE-2012-4052) exists because input passed via the "author", "subject" and "comment" POST parameters when creating a new comment was not properly sanitised (HTML-encoded) before being returned to the user, so script placed in any of those three fields is sent back to the browser as live markup. According to Wikipedia, cross-site scripting (XSS) is a type of computer security vulnerability that enables attackers to inject client-side script into web pages viewed by other users.
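To make the defect class concrete, here is an added example (not Jease's own code and not the advisory's proof of concept): a comment form's three POST fields are parsed and echoed into an HTML fragment, once by plain concatenation and once with HTML entity encoding. The field names follow the advisory; the form body, the payload and the function names are constructed for this demonstration.

```javascript
// Added example, not Jease code: the "echo POST fields into HTML unencoded"
// pattern the advisory describes, next to the encoded version.

// Parse an application/x-www-form-urlencoded body into the three fields the
// advisory names. URLSearchParams is a Node/browser global.
function parseCommentForm(body) {
  const params = new URLSearchParams(body);
  return {
    author: params.get('author') || '',
    subject: params.get('subject') || '',
    comment: params.get('comment') || '',
  };
}

// Minimal HTML entity encoding covering the text and attribute-value contexts.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable rendering: untrusted values are concatenated straight into markup.
function renderCommentUnsafe(fields) {
  return '<div class="comment">'
    + `<span class="author">${fields.author}</span>`
    + `<h4>${fields.subject}</h4>`
    + `<p>${fields.comment}</p>`
    + '</div>';
}

// Hardened rendering: encode every value for the HTML text context it lands
// in, then reuse the same template. Encoding at output time, per context, is
// the fix; "sanitising" on input is not a substitute.
function renderCommentSafe(fields) {
  return renderCommentUnsafe({
    author: escapeHtml(fields.author),
    subject: escapeHtml(fields.subject),
    comment: escapeHtml(fields.comment),
  });
}

// The fixed template emits exactly eight tags (div, span, /span, h4, /h4, p,
// /p, /div). Any tag beyond that count came from the submitted data.
const TEMPLATE_TAG_COUNT = 8;
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z]/g) || []).length;
}
function hasInjectedMarkup(html) {
  return countTags(html) > TEMPLATE_TAG_COUNT;
}

// Constructed POST body: a script in the "comment" field, the other two benign.
const SAMPLE_POST_BODY = [
  'author=' + encodeURIComponent('guest'),
  'subject=' + encodeURIComponent('Nice article'),
  'comment=' + encodeURIComponent('<script>alert(document.cookie)</script>'),
].join('&');

const demoFields = parseCommentForm(SAMPLE_POST_BODY);
console.log('unsafe rendering injects markup:', hasInjectedMarkup(renderCommentUnsafe(demoFields))); // true
console.log('safe rendering injects markup:  ', hasInjectedMarkup(renderCommentSafe(demoFields)));   // false
```

The tag-count check is only a demo oracle for this fixed template; in a real review you would look for the encoding step at every point where the three fields reach a page, including any admin view that lists comments.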
Jease Content Management System is an Open Source CMS driven by the power of Java. Jease stands for "Java with Ease": it promises to keep simple things simple and hard things (j)easy.
The vulnerability now has the status "Fixed"; you should upgrade your Jease installation to version 2.9.
On High-Tech Bridge's Twitter account we can also see that another advisory, about Flogr, was published this week. Details will be published later.