×
Kunena 5.1.14 Released - Security release (13 Aug 2019)

The Kunena team is proud to announce the arrival of Kunena 5.1.14 [K5.1.14] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.14. This update fixed 1 security issue.

Question Cross-Site Scripting Problem (Java)

More
2 weeks 2 days ago - 1 week 5 days ago #1 by reufelss
Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be execute in the header.

We testet it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan
Attachments:
Last edit: 1 week 5 days ago by reufelss. Reason: incl. Images

Please Log in or Create an account to join the conversation.

More
2 weeks 2 days ago #2 by rich
You have tried to add images here: www.kunena.org/forum/76-Official-Announc...curity-update#211132
Please add the images again here but do not use the browser back option if you want to add images, otherwise the attachments will not uploaded.

Please Log in or Create an account to join the conversation.

More
1 week 6 days ago #3 by YourFavoriteSpamBot

reufelss wrote: Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be execute in the header.

We testet it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan


Got more information e.g. exact location or some screenshots?
If there is still any issue I'm interested to know more (yet, this might not be the right place to publicly discuss security issues^^)

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.098 seconds