[ic] Interchange security releases: 5.7.6, 5.6.3, 5.4.5

Justin Otten justino at fragrancenet.com
Thu Mar 25 16:07:03 UTC 2010

Grant Wrote:

> What is it about a custom page that can make it vulnerable?
A custom page that uses the [bounce] tag *could* be affected. Not just any
custom page.
The [bounce] tag crafts a 'Location' header based on the params you supply.
If you don't
pre-scrub the data for newlines, then it is potentially vulnerable.

Justin Otten
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20100325/6ba7e3b1/attachment.htm>

More information about the interchange-users mailing list