Downloads

Download ed_readmore-6.x-3.1.tar.gztar.gz 9.9 KB
MD5: 12173b8d28874a06db8644fc0de6cda0
SHA-1: bbb2b3c7a406cb219006405dc075a2e02569ef57
SHA-256: 4626372f7ef77bfa0ac7ada3988ffffc048f4488b1239be0c608ab319895309c
Download ed_readmore-6.x-3.1.zipzip 10.69 KB
MD5: 70dea0972794932270a5f1fb7bd0b8b9
SHA-1: 0a68c2f32c7b2d028f348d291774cf0240a50636
SHA-256: a8a46ae5f162be5e9afa1ffd88bb35d5d0b3434fffbed08addd62bb9cc56cd55

Release notes

This release addresses a cross-site scripting (XSS) vulnerability. Due to this vulnerability, a user could inject arbitrary scripts into pages affecting other site users. This could result in administrative account compromise leading to web server process compromise. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access administration pages."

SA-CONTRIB-2012-033 - Read More Link - Cross Site Scripting

Created by: Todd Nienkerk
Created on: 7 Mar 2012 at 00:11 UTC
Last updated: 7 Mar 2012 at 20:30 UTC
Git tag 6.x-3.1
Security update

Other releases