×
Kunena 5.2.5 and Blue eagle 1.6.5 released (30 May 2021)

The Kunena team has announce the arrival of Kunena 5.2.5 [K 5.2.5] which is now available for download as a native Joomla extension for J! 3.9.x. This version addresses most of the issues that were discovered in K 5.2 and issues discovered during the development stages of K 5.2.5

REQUIREMENTS
Blue Eagle 1.6.x requires Kunena 5.2.x to work with, this template isn't designed to works with Bootstrap 3 and Bootstrap 4.

Question Cross-Site Scripting Problem (Java)

More
1 year 9 months ago - 1 year 9 months ago #1 by reufelss
Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be execute in the header.

We testet it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan
Attachments:
Last edit: 1 year 9 months ago by reufelss. Reason: incl. Images

Please Log in or Create an account to join the conversation.

More
1 year 9 months ago #2 by rich
You have tried to add images here: www.kunena.org/forum/76-Official-Announc...curity-update#211132
Please add the images again here but do not use the browser back option if you want to add images, otherwise the attachments will not uploaded.

Please Log in or Create an account to join the conversation.

More
1 year 9 months ago #3 by YourFavoriteSpamBot

Hello, we have just installed version 5.1.14 and now 5.1.15 DEV. Unfortunately, Java scripts, e.g. when replying to posts, can be execute in the header.

We testet it with the script "><script>alert(1)</script>

This will be a security problem. What can we do?

Best regards
Stefan


Got more information e.g. exact location or some screenshots?
If there is still any issue I'm interested to know more (yet, this might not be the right place to publicly discuss security issues^^)

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.554 seconds