A potential information leakage in the newsbox() function has been found, and already fixed in CMSimple_XH 1.7.1. Although CMSimple_XH 1.6 had it's end of life, and it not recommended to run this version anymore, if you can't yet update to 1.7.1 for whatever reason, it is recommended to fix the bug yourself. The fix is identical to the one for CMSimple_XH 1.7.0.
A place for security related announcements and discussions - please check this forum frequently!
1 post • Page 1 of 1