-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
an XSS security issue was found in LAM (Pro). There is a patch available here: https://sourceforge.net/p/lam/bugs/156/#a1dc The XSS requires a POST action. It is not sufficient to click on a malicious link. This is a client side issue. It does not allow to attack the LAM server itself. - -- Best regards Roland Gruber LDAP Account Manager https://www.ldap-account-manager.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iEYEARECAAYFAlJlbDEACgkQq/ywNCsrGZ7apACfVxBHkTYVh9f1IN4OKf1o4svZ yowAnil1yIEg61KgCFngmi72ajWNTo6a =sj+z -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk _______________________________________________ Lam-public mailing list Lam-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lam-public