Members.asp has a security vulnerability on Snitz 3.4.07 (3.4.06 is also affected).
To fix the vulnerability, around line#85
where you can find this:
SearchNameDisplay = SearchName
Please change it to this:
SearchNameDisplay = Server.HTMLEncode(SearchName)
As I said, 3.4.06 has the same vulnerability, same line number and the fix is the same. Versions previous to 3.4.06 are not affected.
Please post on the General / Current version forum for any help with this issue.
The Snitz download from sourceforge has been updated with this and all previous security fixes. If you download the new version, in the meantime, please check members.asp to be sure the fix is there, as changes do take some time to propagate, at times.
new security fix, members.asp
Topic Locked
Posted - 23 November 2010 : 09:10:51
