
A vulnerability has been discovered in the third-party calendar library used by todoyu, which can be exploited by malicious people to conduct cross-site scripting attacks (read the report).
Input passed via the "lang" parameter to lib/js/jscalendar/php/test.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Although the criticality level is classified as low, please update your todoyu installation to version 2.0.9.
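
To check whether the script named above was requested on an installation, the following added example (not part of the original post and not todoyu code) scans web server access log lines for requests to lib/js/jscalendar/php/test.php and classifies the "lang" value. The common/combined log format, the sample lines and the rule that a legitimate value looks like a short language code are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter named in the advisory.
TARGET = "lib/js/jscalendar/php/test.php"
PARAM = "lang"
# Assumption: a legitimate value is a short language code such as "en" or "pt-br".
LANG_OK = re.compile(r"[A-Za-z]{2,3}([_-][A-Za-z0-9]{2,8})?")
# Request line and status of an Apache/nginx common or combined log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage(lines):
    """Return (line_no, status, lang_value, verdict) for each hit on the test script."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not decode_fully(url.path).lower().endswith(TARGET):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        if not values:
            hits.append((no, int(m.group(2)), None, "no-lang"))
        for raw in values:
            value = decode_fully(raw)
            verdict = "plain" if LANG_OK.fullmatch(value) else "suspicious"
            hits.append((no, int(m.group(2)), value, verdict))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [05/Oct/2011:10:01:02 +0200] "GET /todoyu/lib/js/jscalendar/php/test.php?lang=en HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Oct/2011:10:03:44 +0200] "GET /todoyu/lib/js/jscalendar/php/test.php?lang=%22%3E%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 540',
    '198.51.100.7 - - [05/Oct/2011:10:03:50 +0200] "GET /todoyu/lib/js/jscalendar/php/test.php?lang=%2522%253E HTTP/1.1" 200 530',
    '203.0.113.5 - - [05/Oct/2011:10:04:11 +0200] "GET /todoyu/index.php?lang=de HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Any hit marked "suspicious" with a 200 status on a version older than 2.0.9 means markup was sent to the script and returned to a browser, so the referring pages and affected user sessions are worth reviewing.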

Download the latest version of todoyu
