
X2CRM Security Fixes



#1 X2Josef


Posted 03 October 2018 - 04:55 PM

It has been brought to our attention that three vulnerabilities were found in our app. Please take the chance to look over the following fixes for these vulnerabilities and apply them to your installations. These fixes will also be included in our next version. 

 

Fixes: 

  1. Exception handling for invalid input to prevent SQL injection from the ActionHistoryChartWidget
  2. Permission check for arbitrary file download via the global export in the admin control panel and when exporting themes
  3. Field purification when processing requests to prevent cross-site scripting (XSS)

Files:

Pull Request:

https://github.com/X.../X2CRM/pull/160

 

Make sure to take backups before applying any of these changes, of course!

 

 

 

Thank you to SYSDREAM for bringing these vulnerabilities to our attention.





