Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Badges
Any minute now…spode
- Username
- spode
- Joined
- Visits
- 504
- Last Active
- Roles
- Member
- Badges
- 0
- Points
- 0
- Posts
- 201
Activity
-
This issue is because of an unsafe use of ForceIncomingString() in the addon. Each and every use of this function should be wrapped in htmlspecialchars() to avoid XSS attacks. Edit files the files default.php library/Function.TagThis.php and make change all instances of ForceIncomingString([...]) to htmlspecialchars(ForceIncomingString([...])) and the code should be safe.December 2009 -
Could you check issue #19 at http://code.google.com/p/lussumo-vanilla/issues/detail?id=19 Thanks.December 2009