[27217] in bugtraq
Re: Xoops RC3 script injection vulnerability
daemon@ATHENA.MIT.EDU (RuIezz@aol.com)
Sat Sep 28 15:38:25 2002
Date: Fri, 27 Sep 2002 20:00:46 EDT
From: RuIezz@aol.com
To: <w4z002@hotmail.com>
Content-Language: fr
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-ID: <193.dffa02b.2ac64b2f@aol.com>
>Xoops settings : admin > system admin > preferences > >html OFF (for what
>do you think that exist this ??)
The webmaster must do it himself, I said that if he doesn't make care, some code will be insert.
That's why I called it vulnerability and not hole as you said (there's a difference).
>Nopes we can't add all new vulnerability to the >textsanitizer,
But that's what the french team tell me by mail.
And you can also see it on this link: http://www.frxoops.org/modules/news/article.php?storyid=576.
So if XOOPS team gives wrong informations, I'm not responsible for this kind of error.
dAs
http://www.echu.org
