Package: b2evolution
Severity: normal
Tags: security patch

b2evolution 1.8.7 fixes an XSS vulnerability that seems to be present in 0.9.2-3.
See [1] for details.
Solution: in the file .../htsrv/login.php replace the $redirect_to in

    $error .= ' <a href="'.$redirect_to.'">'.T_('Continue...').'</a>';

by htmlspecialchars($redirect_to)
[1] http://secunia.com/advisories/23656
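
The change proposed above, shown before and after on constructed inputs. This is an added example, not b2evolution code and not part of the original report: T_() is stubbed, the sample values are constructed, and safe_redirect_target() is a hypothetical extra check (an assumption beyond the report) that covers what attribute escaping alone does not, namely non-local targets such as scheme or protocol-relative URLs.

```php
<?php
// Added example; not b2evolution source. T_() is a stand-in for the
// project's translation helper so the snippet runs on its own.
function T_($s) { return $s; }

// Before: the request-supplied value lands in the href attribute unescaped,
// so a double quote in it ends the attribute and starts new markup.
function continue_link_before($redirect_to) {
    return ' <a href="'.$redirect_to.'">'.T_('Continue...').'</a>';
}

// After (the fix from the report): escape for the HTML attribute context.
// ENT_QUOTES and the explicit charset are additions here; the report
// calls htmlspecialchars($redirect_to) with its defaults.
function continue_link_after($redirect_to) {
    $href = htmlspecialchars($redirect_to, ENT_QUOTES, 'UTF-8');
    return ' <a href="'.$href.'">'.T_('Continue...').'</a>';
}

// Hypothetical extra check (assumption, not in the report): accept only
// site-local paths. Escaping keeps the value inside the attribute, but a
// value carrying its own scheme or host is still a working link target.
function safe_redirect_target($redirect_to, $fallback = '/') {
    // One leading "/", not followed by "/" or "\", and no control
    // characters or backslashes anywhere; \z forbids a trailing newline.
    if (preg_match('#^/(?![/\\\\])[^\x00-\x1f\\\\]*\z#', $redirect_to)) {
        return $redirect_to;
    }
    return $fallback;
}

// Constructed sample values, for illustration only.
$samples = array(
    '/admin/b2edit.php?blog=2',        // ordinary local target
    '/index.php" title="injected',     // quote breaks out of the attribute
    'javascript:void(0)',              // survives escaping unchanged
    '//other.example/',                // protocol-relative, leaves the site
);

foreach ($samples as $s) {
    echo "input : $s\n";
    echo "before:".continue_link_before($s)."\n";
    echo "after :".continue_link_after($s)."\n";
    echo "local :".continue_link_after(safe_redirect_target($s))."\n\n";
}
```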

