Page 1 of 1
Cross-Site Scripting Vulnerability
Posted: 18 May 2013, 21:17
by myrtus
Hello.
Today I have seen, there is a Cross-Site Scripting Vulnerability in PhocaGallery <=3.2.3.
secunia.com/advisories/53382/
Re: Cross-Site Scripting Vulnerability
Posted: 20 May 2013, 18:04
by Jan
Hi, tested but got no such problem but in every case, plupload library with its swf updated to latest version (where there should be no problems)
Please update to Phoca Gallery 3.2.4
Jan
Re: Cross-Site Scripting Vulnerability
Posted: 21 May 2013, 06:20
by myrtus
Hi Jan,
thank you very much. Are there only changes in the folder plupload? If yes, so I can only upload this folder, because I have made some changes in the gallery.
Best regard,
myrtus
Re: Cross-Site Scripting Vulnerability
Posted: 21 May 2013, 09:01
by josk
I tested this with the 4.0 version for Joomla 3.0 and there the problem still existed.
Re: Cross-Site Scripting Vulnerability
Posted: 25 May 2013, 00:07
by Jan
Hi, in Phoca Gallery 3.2.4 there were changes in plupload and in output files (default.php, ...)
joskf
Phoca Gallery 4 is a development version and should be used for testing only. Next version (it seems stable) will include new plupload version.
Jan