
Question Cross-Site Scripting Problem (Java)

1 year 1 month ago - 1 year 1 month ago #1 by reufelss
Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be executed in the header.

We tested it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan
Last edit: 1 year 1 month ago by reufelss. Reason: incl. Images

1 year 1 month ago #2 by rich
You have tried to add images here: www.kunena.org/forum/76-Official-Announc...curity-update#211132
Please add the images again here, but do not use the browser back option if you want to add images, otherwise the attachments will not be uploaded.

1 year 1 month ago #3 by YourFavoriteSpamBot

reufelss wrote: Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be executed in the header.

We tested it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan


Got more information e.g. exact location or some screenshots?
If there is still any issue I'm interested to know more (yet, this might not be the right place to publicly discuss security issues^^)
