XSS vulnerability in forum.php script
Resolved
Affects: Jamroom Power Pack
Priority: High
Created: 06/22/10 19:26
Resolved: 06/24/10 03:37
Created By: Brian
Details
The Jamroom Power Pack forum.php script does not fully sanitize the "post_id" variable, which leaves it open to a specially crafted XSS attack.

http://www.htbridge.ch/advisory/xss_vulnerability_in_jamroom.html

This was fixed in Jamroom 4.1.9 on June 2nd, 2010
Resolution
This was fixed in Jamroom 4.1.9. If you are running an older version of the Jamroom 4 Power Pack addon, be sure to upgrade at least to the latest release of the "forum.php" script found in the Power Pack 4.1.9 download.
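For sites that ran an older Power Pack before upgrading, one way to review web server access logs for requests matching this issue. This is an added example, not Jamroom code. It assumes common/combined-format access logs and that a legitimate "post_id" is a plain decimal integer, which the ticket does not state; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate post_id is decimal digits only.
NUMERIC_RE = re.compile(r"[0-9]+")


def suspicious_post_ids(log_lines, script="forum.php", param="post_id"):
    """Return (line_number, decoded_value) for each request to `script`
    whose `param` value is not a plain decimal integer."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + script):
            continue  # same parameter name on another script is out of scope
        # parse_qs percent-decodes values; keep_blank_values keeps "post_id=".
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not NUMERIC_RE.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up ids).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jun/2010:10:01:02 +0000] '
    '"GET /forum.php?post_id=1842 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Jun/2010:10:03:40 +0000] '
    '"GET /forum.php?post_id=12%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [20/Jun/2010:10:04:11 +0000] '
    '"GET /index.php?post_id=abc HTTP/1.1" 200 900',
    '198.51.100.7 - - [20/Jun/2010:10:05:00 +0000] '
    '"GET /forum.php?post_id= HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for number, value in suspicious_post_ids(SAMPLE_LOG):
        print(f"line {number}: post_id={value!r}")
```

A hit only shows that a non-numeric value was requested; whether it was reflected into a page depends on the forum.php version installed at the time.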
©2003 - 2013 The Jamroom Network