[ic] Interchange security releases: 5.7.6, 5.6.3, 5.4.5
justino at fragrancenet.com
Thu Mar 25 16:07:03 UTC 2010
> What is it about a custom page that can make it vulnerable?
A custom page that uses the [bounce] tag *could* be affected. Not just any
The [bounce] tag crafts a 'Location' header based on the params you supply.
If you don't
pre-scrub the data for newlines, then it is potentially vulnerable.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the interchange-users