The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
Members.asp has a security vulnerability on Snitz 3.4.07 (3.4.06 is also affected).
To fix the vulnerability, around line#85
where you can find this:
Please change it to this:
As I said, 3.4.06 has the same vulnerability, same line number and the fix is the same. Versions previous to 3.4.06 are not affected.
Please post on the General / Current version forum for any help with this issue.
The Snitz download from sourceforge has been updated with this and all previous security fixes. If you download the new version, in the meantime, please check members.asp to be sure the fix is there, as changes do take some time to propagate, at times.
To fix the vulnerability, around line#85
where you can find this:
Code:
SearchNameDisplay = SearchNamePlease change it to this:
Code:
SearchNameDisplay = Server.HTMLEncode(SearchName)As I said, 3.4.06 has the same vulnerability, same line number and the fix is the same. Versions previous to 3.4.06 are not affected.
Please post on the General / Current version forum for any help with this issue.
The Snitz download from sourceforge has been updated with this and all previous security fixes. If you download the new version, in the meantime, please check members.asp to be sure the fix is there, as changes do take some time to propagate, at times.