package: interchange-cat-foundation
version: 5.2.0-2
tags: security

Important: Security flaw found in Interchange demo catalog.

A security flaw has been discovered in the Interchange demo catalog which
allows an arbitrary user to inject Interchange Tag Language (ITL) into the
forum/submit.html page. This affects catalogs built on the 'foundation' demo
included with Interchange from version 4.9.3 (development) and 5.0 (stable).

The Interchange Development Group recommends that all vulnerable catalogs
are immediately patched with the updated version of the forum/submit.html
file. Alternatively, if the forum feature is not being used, the page can
safely be removed. Whether or not the forum feature is being used, this page
should be patched or removed.


-- 
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team


