Potential XSS Issue with Anonymous Comments

Bjarne Mathiesen Schacht has reported a potential XSS issue when a site accepts anonymous comments. To resolve the issue, please update the lib-comment.php file in the private/system/ directory.

You can also disable anonymous comments which resolve the issue as well. It is still recommended that you apply the following update.

This fix can be applied to v1.1.0 and v1.1.1 of glFusion. If you are running an older version, please update to the latest release version as soon as possible.


by Mark

Mark is the main developer on glFusion. When not doing his real job and playing with his family, he really enjoys working on glFusion and the collaboration with the glFusion community.

Share It

Comments are closed