MARKSVIRTUALDESK Reply #1, 4 years, 5 months ago
It has come to my attention, thanks to forum user neroz, that there is a small XSS vulnerability in Ditto 2.0.2. Although 2.1 is nearly ready, I will be away for the next 10 days or so and do not wish to release something I will not be able to support. Therefore, I've created a patched version of Ditto 2.0.2, which has now been released as 2.0.3. If your site makes extensive use of javascript or cookies, it would be wise to update your Ditto install. Otherwise, stay tuned for Ditto 2.1 in the near future!
To find out more about the dangers of XSS check out http://www.cgisecurity.com/articles/xss-faq.shtml.
Note: The results per page addon has been patched as well. You can get it from the repository.
To find out more about the dangers of XSS check out http://www.cgisecurity.com/articles/xss-faq.shtml.
Note: The results per page addon has been patched as well. You can get it from the repository.
