Blog with a focus on DotNetNuke news, tips and tricks, DNN SEO, and insights and opinions about the DNN community at large.
Posted by Tom on Wednesday, April 04, 2007 to DotNetNuke, DNN News, DNN Tips and Tricks
It has been brought to my attention that the DNN forum module is susceptible to a cross-site scripting exploit. Since I've never used the module myself I cannot validate these claims. However, for the sake of “better safe than sorry,” I encourage anybody using the module to head over to Mitchel Sellers’ blog where he provides step-by-step instructions on how to secure the forum module until a permanent fix is in place.
I have not seen anything on dotnetnuke.com in regards to the issue. Have you?
Permalink 1 Comments RSS feeds Email updates
By Mitchel Sellers on Thursday, April 05, 2007 at 8:57 AM
TO add a bit to this, the issue will be resolved with 4.5 security updates, however if running a previous version I strongly recommend making my listed changes to protect yourself. If there are any specific questions, please e-mail me directly and do not post specifics here or on my site as the issue is in my opinion fairly major and we do not need details being made public.
Enter your email address below and find our blog updates in your inbox.