Security Advisory
_________________________________________
_________________________________________

Severity: Medium
Title: b2evolution XSS Vulnerability
Date: 28.11.06
Author: tarkus (tarkus (at) tiifp (dot) org)
Web: https://tiifp.org/tarkus
Vendor: b2evolution (http://b2evolution.net/)
Affected Product(s): b2evolution 1.8.2 - 1.9 beta
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description:
------------
http://<victim>/<b2epath>/inc/VIEW/errors/_404_not_found.page.php?baseurl=[XSS]&app_name=[XSS]
http://<victim>/<b2epath>/inc/VIEW/errors/_410_stats_gone.page.php?app_name=[XSS]
http://<victim>/<b2epath>/inc/VIEW/errors/_referer_spam.page.php?ReqURI=[XSS]&app_name=[XSS]

Workaround:
-----------
Put the following line at the beginning of the files.

if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );

Timeline:
---------
Reported to Vendor: 10.11.06
Vendor response: 10.11.06
Patch in CVS: 10.11.06
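To show why the advisory's one-line workaround closes the hole, here is an added illustration (not code from the advisory and not b2evolution's own source) of a simplified error-page template in the shape of the three files listed above. Everything except the guard line itself is an assumption: the template body, the helper `evo_h()`, and the premise that the main b2evolution entry script defines `EVO_MAIN_INIT` and sets `$app_name` and `$baseurl` before including the template. The variable names come from the query-string parameters in the advisory.

```php
<?php
// Added example, not b2evolution's code: a stand-in for a template such as
// inc/VIEW/errors/_404_not_found.page.php. Assumptions: the main init script
// defines EVO_MAIN_INIT and sets $app_name / $baseurl itself before including
// this file; the surrounding markup and the evo_h() helper are hypothetical.

// 1. The workaround from the advisory. These templates were never meant to be
//    reachable by URL. When the web server runs this file directly, no init
//    script has run, the constant is undefined, and execution stops before any
//    request-controlled value can reach the HTML below. When the main script
//    includes the file after its own initialisation, the check passes.
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );

// 2. Defense in depth. With register_globals=On, a query string such as
//    ?baseurl=...&app_name=... populates $baseurl and $app_name as ordinary
//    globals, which is how direct access turned these pages into reflected
//    XSS. Escaping every value at the output boundary means the page stays
//    safe even if a future include path hands it untrusted data.
function evo_h( $text )
{
	return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
}

// Send the status code before any output begins.
header( 'HTTP/1.0 404 Not Found' );
?>
<html>
<head>
	<title><?php echo evo_h( $app_name ); ?> - 404 Not Found</title>
</head>
<body>
	<p>The page you requested could not be found.</p>
	<p><a href="<?php echo evo_h( $baseurl ); ?>">Return to the home page</a></p>
</body>
</html>
```

The guard is the fix the advisory asks for; the escaping is an extra layer that does not depend on how the file was reached. Both are independent of the PHP configuration, so they hold even on hosts where `register_globals` cannot be switched off, which is the setting comment #2 below points out as a precondition for the related issue.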
https://tiifp.org/tarkus/advisories/b2evolution111106_02.txt
https://tiifp.org/tarkus/advisories/b2evolution111106_01.txt

Both advisories talk about higher versions than we have in the tree. dsd, could you verify that we are not affected by this?
At least the Remote File Inclusion vulnerability mentioned in comment #1 requires register_globals and allow_url_fopen to be On.
any news here?
I don't understand what the issues are, but I guess we can say it's fixed in the latest version in portage.
"requires register_globals and allow_url_fopen have to be On."

Closing. Feel free to reopen if you disagree.
(In reply to comment #5)
> "requires register_globals and allow_url_fopen have to be On."
>
> Closing. Feel free to reopen if you disagree

;-)