A vulnerability has been discovered in the NSN Supporters Module which, under some conditions may allow a hacker to conduct a successful XSS attack on affected sites.
The conditions required are either incorrectly set MIME TYPEs at server level or if the module is configured to allow upload of Supporter images.
With immediate effect:
If you are using this module, ensure you have not allowed image uploads.
A temporary fix is discussed here:
http://ravenphpscripts.com/postx13183-0-0.html
For obvious reasons, I have not detailed how the attack takes place but I am more than happy to discuss the matter by PM with any developers I know so they can fully test fixes etc.
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2874
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2874