Jamroom Logo Jamroom 5 Core
is now Open Source!
archive home jamroom 4 downloads jamroom 4 support archive forum
You are viewing the Jamroom 4 Archive Site - please join us on the new Jamroom.net!
Follow Jamroom on Twitter!
Bug Report

XSS vulnerability in forum.php script
Resolved
Affects: Jamroom Power Pack
Priority: High
Created: 06/22/10 19:26
Resolved: 06/24/10 03:37
Created By: Brian
Details
the Jamroom Power pack forum.php script does not fully sanitize the "post_id" variable, which leaves it open to a specially crafted XSS attack.

http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html

This was fixed in Jamroom 4.1.9 on June 2nd, 2010
Resolution
This was fixed in Jamroom 4.1.9 - if you are running an older version of the Jamroom 4 Power Pack addon, make sure and at least upgrade to the latest release of the "forum.php" script found in the Power Pack 4.1.9 download.
Solutions Products Support Community Company
Social Media Platform
Social Networking Software
Musician Website Manager
Community Builder 		Jamroom 5
Jamroom 5 Modules
Jamroom Marketplace 		Support Forum
Documentation
Support Center
Contact Support 		Community Forum
Member Sites
Developers 		About Us
Contact Us
Privacy Policy
©2003 - 2024 The Jamroom Network