Security advisory: URL Manipulation
From KnowledgeTree Community
Description
Input appended to the URL after multiple files is not properly sanitised before being returned to the user, i.e. it is reflected into the response.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Thanks to High-Tech Bridge SA Security Research Lab for reporting the issue.
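To show the class of defect the advisory describes and the fix it implies, here is an added PHP illustration; it is not KnowledgeTree's code and the function names, the `/documents` prefix and the use of PATH_INFO-style input are assumptions.

```php
<?php
// Added illustration, not KnowledgeTree's code. It assumes a page that
// builds a link from the path suffix appended to the requested URL, which
// is the "input appended to the URL ... returned to the user" pattern.

// Vulnerable form: the raw suffix is written straight into HTML, so any
// markup characters in it are interpreted by the browser (reflected XSS).
function render_link_unsafe(string $pathInfo): string {
    return '<a href="/documents' . $pathInfo . '">' . $pathInfo . '</a>';
}

// Hardened form: encode for the HTML context before output. ENT_QUOTES
// also covers the attribute context, so the same value is safe inside
// href="..." and in the link text.
function render_link_safe(string $pathInfo): string {
    $enc = htmlspecialchars($pathInfo, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="/documents' . $enc . '">' . $enc . '</a>';
}

// Self-check with a constructed suffix containing markup characters:
// the hardened output must not contain a live <b> tag.
$probe = '/readme.txt"><b>x</b>';
assert(strpos(render_link_safe($probe), '<b>') === false);
assert(strpos(render_link_unsafe($probe), '<b>') !== false);
echo render_link_safe($probe), "\n";
```

The same check, run against the page that reflects the URL, is a quick way to confirm that a deployed fix actually encodes the reflected value.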
Affected Installations
3.7.0.2 Commercial and Community Editions
Severity
CRITICAL
How to resolve this issue
To resolve this issue, please perform the following steps:
1) Locate and backup the following file: <KnowledgeTree Directory>/config/dmsDefaults.php
2) Replace the file with the version available in the zip file here:
dmsDefaults.zip
Note To All KnowledgeTree Live and Software as a Service Customers
No action required by you.