Release notes
Fix for SA-CONTRIB-2011-039 - Bot Alarm - Multiple vulnerabilities
Vulnerability: Cross Site Scripting
The module does not properly escape the message and channels of alarms in pages listing the alarms, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission 'administer bot'.
Vulnerability: Cross Site Request Forgery
The module does not check for any one-time-use tokens when deleting an alarm, leading to a Cross Site Request Forgery (CSRF) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission 'administer bot'.
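The two classes of fix described above, shown as an added stand-alone PHP example. It is not the Bot Alarm module's code, and every function name, route and sample value in it is hypothetical. In a Drupal module the same jobs are done by core's `check_plain()` and `drupal_get_token()` / `drupal_valid_token()`.

```php
<?php
// Added illustration only; not the module's code. All names and data are constructed.

// Per-session secret (constructed value; a real site derives it from the session).
$secret = 'constructed-session-secret';

// Token bound to the session secret and to one specific action.
function alarm_token(string $secret, string $action): string {
  return hash_hmac('sha256', $action, $secret);
}

// XSS fix: escape the untrusted channel and message before they reach HTML.
function render_alarm_row(array $alarm, string $secret): string {
  $id = (int) $alarm['id'];
  return sprintf(
    '<tr><td>%s</td><td>%s</td><td><a href="/alarm/%d/delete?token=%s">delete</a></td></tr>',
    htmlspecialchars($alarm['channel'], ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($alarm['message'], ENT_QUOTES, 'UTF-8'),
    $id,
    alarm_token($secret, "alarm-delete-$id")
  );
}

// CSRF fix: refuse the delete unless the request carries the matching token.
function delete_alarm(array &$alarms, int $id, string $token, string $secret): bool {
  // hash_equals() compares in constant time.
  if (!hash_equals(alarm_token($secret, "alarm-delete-$id"), $token)) {
    return false;
  }
  unset($alarms[$id]);
  return true;
}

// Constructed sample alarm whose message contains markup.
$alarms = [
  7 => ['id' => 7, 'channel' => '#dev', 'message' => '<script>alert(1)</script>'],
];

// The markup is rendered as inert text, not as a script element.
echo render_alarm_row($alarms[7], $secret), "\n";

// A request without a valid token (what a forged cross-site request looks like) is rejected.
var_dump(delete_alarm($alarms, 7, '', $secret));

// A request carrying the token issued in the listing page succeeds.
var_dump(delete_alarm($alarms, 7, alarm_token($secret, 'alarm-delete-7'), $secret));
```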