×
Kunena 5.1.18 Released (30 Jun 2020)

The Kunena team has announce the arrival of Kunena 5.1.18 [K 5.1.18] which is now available for download as a native Joomla extension for J! 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.

Question Cross-Site Scripting Problem (Java)

More
10 months 6 days ago - 10 months 2 days ago #1 by reufelss
Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be execute in the header.

We testet it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan
Attachments:
Last edit: 10 months 2 days ago by reufelss. Reason: incl. Images

Please Log in or Create an account to join the conversation.

More
10 months 5 days ago #2 by rich
You have tried to add images here: www.kunena.org/forum/76-Official-Announc...curity-update#211132
Please add the images again here but do not use the browser back option if you want to add images, otherwise the attachments will not uploaded.

Please Log in or Create an account to join the conversation.

More
10 months 3 days ago #3 by YourFavoriteSpamBot

reufelss wrote: Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be execute in the header.

We testet it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan


Got more information e.g. exact location or some screenshots?
If there is still any issue I'm interested to know more (yet, this might not be the right place to publicly discuss security issues^^)

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.571 seconds