You are here: Foswiki>Support Web>KnownIssuesOfFoswiki01x01>SecurityAlerts>SecurityAlert-SlideShowPlugin-2011-0828 (10 Jan 2013, GeorgeClark)Edit Attach

Security Alert: SlideShowPlugin prior to version 2.1.4 has a cross site scripting vulnerability.

Get Alerted: to get immediate alerts of high priority security issues, please join the low-volume foswiki-announce list - details at MailingLists

SlideShowPlugin should be updated to version 2.1.4 or later to close a cross site scripting vulnerability.

All Foswiki versions prior to 1.1.4 are affected but the plugin can be updated in minutes from configure or manually by downloading and replacing the plugin from SlideShowPlugin.

Severity Level
Vulnerable Software Versions

Severity Level

Severity 3 issue: Foswiki content or browser is compromised

The severity level was assigned by the Foswiki SecurityTaskTeam as documented in SecurityAlertProcess

Vulnerable Software Versions

Foswiki 1.0.0, Foswiki 1.0.0-beta1, Foswiki 1.0.0-beta2, Foswiki 1.0.0-beta3, Foswiki 1.0.1, Foswiki 1.0.2, Foswiki 1.0.3, Foswiki 1.0.4, Foswiki 1.0.5, Foswiki 1.0.6, Foswiki 1.0.7, Foswiki 1.0.8, Foswiki 1.0.9, Foswiki 1.0.9-rc1, Foswiki 1.0.9-RC2, Foswiki 1.0.10, Foswiki 1.0.10-rc1, Foswiki 1.1.0, Foswiki 1.1.0-beta1, Foswiki 1.1.0-RC1, Foswiki 1.1.1, Foswiki 1.1.2, Foswiki 1.1.3, Foswiki 1.1.3-RC1

Fixed in Foswiki 1.1.4

Edit | Attach | Print version | History: r1 | Backlinks | View wiki text | Edit wiki text | More topic actions

Topic revision: r1 - 10 Jan 2013, GeorgeClark

Quick Links

Tools

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement.

Creative Commons License

Legal Imprint Privacy Policy