[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Xoops RC3 script injection vulnerability
From:       RuIezz () aol ! com
Date:       2002-09-27 20:00:46
[Download RAW message or body]

>Xoops settings :  admin > system admin > preferences > >html OFF  (for what 
>do you think that exist this ??)

The webmaster must do it himself, I said that if he doesn't make care, some code will be insert.
That's why I called it vulnerability and not hole as you said (there's a difference).

>Nopes we can't add all new vulnerability to the >textsanitizer, 

But that's what the french team tell me by mail.
And you can also see it on this link: http://www.frxoops.org/modules/news/article.php?storyid=576.

So if XOOPS team gives wrong informations, I'm not responsible for this kind of error.

dAs
http://www.echu.org
[prev in list] [next in list] [prev in thread] [next in thread]