[ic] Interchange security releases: 5.7.6, 5.6.3, 5.4.5
Grant
emailgrant at gmail.com
Fri Mar 26 14:20:56 UTC 2010
>> What is it about a custom page that can make it vulnerable?
>
> A custom page that uses the [bounce] tag *could* be affected. Not just any
> custom page.
> The [bounce] tag crafts a 'Location' header based on the params you supply.
> If you don't
> pre-scrub the data for newlines, then it is potentially vulnerable.
>
> --
> Regards,
> Justin Otten
> FragranceNet.com
Thank you Justin.
- Grant
More information about the interchange-users
mailing list