[ic] Interchange security releases: 5.7.6, 5.6.3, 5.4.5

Grant emailgrant at gmail.com
Fri Mar 26 14:20:56 UTC 2010

>> What is it about a custom page that can make it vulnerable?
> A custom page that uses the [bounce] tag *could* be affected. Not just any
> custom page.
> The [bounce] tag crafts a 'Location' header based on the params you supply.
> If you don't
> pre-scrub the data for newlines, then it is potentially vulnerable.
> --
> Regards,
> Justin Otten
> FragranceNet.com

Thank you Justin.

- Grant

More information about the interchange-users mailing list