Unsanitized & unescaped user supplied output in CMSimple_XH
Posted: Tue Sep 27, 2016 4:30 pm
Due to the release of CMSimple 4.6.4, I've become aware of an unsanitized and unescaped output of user supplied input issue in CMSimple_XH. This issue can be exploited to temporarily deface the website, and it might even constitute an exploitable Cross-Site-Scripting (XSS) vulnerability.
I think that we'll release XH 1.6.8 with a fix for this issue plus a few outstanding bug fixes within the next two weeks.
As the cat is out of the bag, there's no need for further secrecy, so I'm offering the following quick fix for XH 1.6.7. Change cmsimple/functions line 675 to:
$o .= '<p>File ' . XH_hsc($fl) . '</p>';
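
The effect of the quick fix, as an added example that is not part of the original post and not CMSimple_XH code. `example_hsc()` is a hypothetical stand-in for `XH_hsc()`, assumed here to wrap `htmlspecialchars()`; the unescaped variant is an assumed shape of the line before the fix, and the sample values are constructed.

```php
<?php
// Hypothetical stand-in for XH_hsc(); assumed to wrap htmlspecialchars().
function example_hsc(string $string): string
{
    return htmlspecialchars($string, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed shape of the output before the fix: the value is concatenated as-is.
function render_unescaped(string $fl): string
{
    return '<p>File ' . $fl . '</p>';
}

// The same output with the value escaped, mirroring the quick fix.
function render_escaped(string $fl): string
{
    return '<p>File ' . example_hsc($fl) . '</p>';
}

// Number of opening tags in the fragment. The template itself
// contributes exactly one (<p>); any more came from the input value.
function count_opening_tags(string $html): int
{
    return (int) preg_match_all('/<[a-z][^>]*>/i', $html);
}

// Constructed sample values for the $fl variable.
$samples = [
    'content/page.htm',
    'content/<h1>Replaced heading</h1>.htm',
    'a & b "quoted".htm',
];

foreach ($samples as $fl) {
    $before = render_unescaped($fl);
    $after  = render_escaped($fl);

    // What the visitor reads after the browser decodes the entities:
    // it must be the original value, character for character.
    $inner     = substr($after, strlen('<p>File '), -strlen('</p>'));
    $displayed = html_entity_decode($inner, ENT_COMPAT, 'UTF-8');

    printf("value:     %s\n", $fl);
    printf("unescaped: %s (tags: %d)\n", $before, count_opening_tags($before));
    printf("escaped:   %s (tags: %d)\n", $after, count_opening_tags($after));
    printf("shown text unchanged: %s\n\n", $displayed === $fl ? 'yes' : 'no');
}
```

A tag count above 1 in the unescaped line means the value changed the page structure, which is the temporary defacement the post describes; the escaped line always stays at 1 while still displaying the original text.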