iDEV Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

IDEVSPOT COMMUNITY FORUMS. -----( ( ( NOT FOR OFFICIAL TECH SUPPORT ) ) )-----

Author Topic: Authentication Bypass and Cross-site scripting (XSS) Vulnerabilitys  (Read 2615 times)

0 Members and 1 Guest are viewing this topic.

jakewood

  • Newbie
  • *
  • Posts: 1
    • View Profile
Authentication Bypass and Cross-site scripting (XSS) Vulnerabilitys
« on: November 15, 2007, 10:11:45 PM »
I am very interested in this product.  I normally do a search on Google to see what comes up on all products I look at.

I see there are many references to the following Authentication Bypass and Cross-site scripting (XSS) Vulnerabilitys;

National Cyber-Alert System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4894
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4895

NixieAffiliate Delete.PHP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/20086

NixieAffiliate lostpassword.php cross-site scripting
http://xforce.iss.net/xforce/xfdb/29024
http://xforce.iss.net/xforce/xfdb/29022

CVE ALERT DETAIL : CVE-2006-4894 - Cross-site scripting (XSS) vulnerability in forms/lostpassword.php
http://www.security-database.com/detail.php?cve=CVE-2006-4894

I am surprised that there are no posts for this issue.
Can someone shine some light on this?   All these links are for the 1.9 version...current version.

Are these problems being looked at?
Logged

arron

  • iDevSpot
  • Administrator
  • Hero Member
  • *****
  • Gender: Male
  • Posts: 1202
    • View Profile
    • WWW
Re: Authentication Bypass and Cross-site scripting (XSS) Vulnerabilitys
« Reply #1 on: November 20, 2007, 09:47:24 AM »
These issues are out of date, have been patched.
Logged
Join our Facebook Fan Page to receive special offers & update information : http://www.facebook.com/pages/iDevSpot/157097554841