Hi
We have been informed of a minor XSS flaw that exists within code for v1.5.0 & v1.51.
Mitigation for the flaw has been posted to our public GitHub repository here.
You may need to right click this to download correctly. You should also only use the downloaded file if you are sure you have not changed the original file.
The mitigation is as follows:
1. Edit {ADMIN FOLDER NAME}/includes/functions/general.php
2. Change line circa 126 within the zen_get_all_get_params function
Original
PHP Code:
if (($key != zen_session_name()) && ($key != 'error') && (!in_array($key, $exclude_array))) $get_url .= $key . '=' . $value . '&';
to
PHP Code:
if (($key != zen_session_name()) && ($key != 'error') && (!in_array($key, $exclude_array)))
    $get_url .= zen_sanitize_string($key) . '=' . rawurlencode(stripslashes($value)) . '&';
Our thanks to Stefan Schurtz via Secunia SVCRP for notifying us about the flaw.
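
The effect of the change above, shown as an added example that is not part of the original post or Zen Cart's own code: a simplified rebuild of the query string over a constructed request, before and after the fix. `sanitize_key_standin()`, `rebuild_params()` and `SESSION_NAME_STANDIN` are hypothetical names, and the stand-in only approximates what `zen_sanitize_string()` does.

```php
<?php
// Added illustration, not Zen Cart source.
const SESSION_NAME_STANDIN = 'sessid'; // assumption: stands in for zen_session_name()

// Hypothetical approximation of zen_sanitize_string(): collapse runs of
// spaces and neutralise angle brackets in the parameter name.
function sanitize_key_standin(string $s): string
{
    $s = preg_replace('/ +/', ' ', $s);
    return preg_replace('/[<>]/', '_', $s);
}

// Rebuild "key=value&" pairs from request parameters, as the patched line does.
function rebuild_params(array $get, array $exclude, bool $patched): string
{
    $url = '';
    foreach ($get as $key => $value) {
        $key = (string) $key; // PHP turns numeric keys into ints
        if ($key === SESSION_NAME_STANDIN || $key === 'error'
            || in_array($key, $exclude, true) || !is_scalar($value)) {
            continue; // skipping non-scalar values is this example's choice
        }
        if ($patched) {
            // After: key sanitised, value percent-encoded
            $url .= sanitize_key_standin($key) . '='
                  . rawurlencode(stripslashes((string) $value)) . '&';
        } else {
            // Before: key and value copied into the URL unchanged
            $url .= $key . '=' . $value . '&';
        }
    }
    return $url;
}

// Constructed request parameters carrying harmless markup.
$request = [
    'page'   => '2',
    'cID'    => '"><i>probe</i>',
    'a<b>'   => '1',
    'error'  => 'dropped',
    'action' => 'excluded',
];

$before = rebuild_params($request, ['action'], false);
$after  = rebuild_params($request, ['action'], true);

echo "before: <a href=\"index.php?{$before}\">\n";
echo "after:  <a href=\"index.php?{$after}\">\n";
// Check: the patched string must hold no characters that can close the attribute or open a tag.
echo preg_match('/[<>"]/', $after) ? "FAIL: markup survives\n" : "OK: no markup characters\n";
```

Run it with the PHP CLI and compare the two `href` lines: the unpatched one lets the value end the attribute, the patched one stays inside it.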