Guardian2003 writes: A vulnerability has been discovered in the NSN Supporters Module which, under some conditions, may allow a hacker to conduct a successful XSS attack on affected sites.
The conditions required are either incorrectly set MIME types at server level or the module being configured to allow upload of Supporter images.
With immediate effect:
If you are using this module, ensure you have not allowed image uploads.
A temporary fix is discussed here:
http://ravenphpscripts.com/postx13183-0-0.html
For obvious reasons, I have not detailed how the attack takes place, but I am more than happy to discuss the matter by PM with any developers I know so they can fully test fixes etc.
NSN Supporters Module Vulnerability
Posted on Sunday, April 22, 2007 @ 02:33:04 CDT in Security