A potential XSS vulnerability has been fixed in the latest Campsite release, which also improves session handling to prevent the sessions of logged-in users from being grabbed via a CSRF attack. The vulnerability was discovered by High-Tech Bridge SA, Ethical Hacking & Penetration Testing. The developers have also taken this opportunity to improve the universal list function, which lets the user choose how to list articles in the admin interface and search those articles, and to further update the UI redesign. The next Campsite update is due at the end of August.
http://www.sourcefabric.org