Harald Eilertsen wrote the following post Tue, 12 Apr 2022 18:25:25 +0200

Multiple vulnerabilities in Hubzilla before version 7.2

Hubzilla < 7.2 - Multiple vulnerabilities : Harald Eilertsen's Homepage

While looking at the source code for Hubzilla, I discovered a few low-hanging security vulnerabilities. These are a Local File Inclusion vulnerability in the standard theme, and two vulnerabilities in the settings modules, a Cross-Site Scripting (XSS) vulnerability and an Open Redirect vulnerability, both via the rpath URL query parameter.

Fixes for all of these issues were released in version 7.2 on March 29, 2022.

The full details are at https://volse.net/~haraldei/infosec/disclosures/hubzilla-before-7-2-multiple-vulnerabilities/

If you haven't updated your hub to the latest version yet, I highly recommend that you do so as soon as possible.

#infosec #hubzilla #vulnerabilities
