[ic] Interchange security releases: 5.7.2, 5.6.2, 5.4.4
Grant
emailgrant at gmail.com
Sun Sep 20 18:10:00 UTC 2009
>> I hope replying here is alright. I'm trying to figure out if I'm
>> vulnerable to this. I don't use [search-region] or ActionMap at all.
>> Does that exclude me?
>
> No, you are vulnerable if you use a Standard or Foundation based
> catalog. You are vulnerable if you have a search results page that
> utilizes the Interchange standard search facilities anywhere, even if
> you do not use it. If you think you might be vulnerable you probably
> are. If you think you are not vulnerable then you still probably are.
>
> I recommend this update for ... pretty much everyone.
>
>
> Peter
I don't use a Standard or Foundation based catalog, and my search
results pages are completely home-brewed within IC. None of the raw
search parameters appear in the URL ever. I do use [loop
search="..."][/loop] within my pages, but I don't know if that counts
as "standard search facilities" and I don't see how that could be
manipulated.
- Grant