Hi everybody!
If debug mode is enabled, but _XHdebug.txt contains anything else than a single ASCII character, respective error messages are displayed not only in admin mode, thus causing information leakage.
This issue most likely affects all CMSimple_XH versions so far.
So ensure that debug mode is disabled, or that _XHdebug.txt contains only a single ASCII character!
See also https://github.com/cmsimple-xh/cmsimple-xh/issues/293.
Potential information leakage with active debug mode
Potential information leakage with active debug mode
Christoph M. Becker – Plugins for CMSimple_XH