Cross Site Scripting Vulnerability Affecting ALL Editions of nBill

nBill Community

22/May/2012, 11:05:26 PM

Welcome, Guest. Please login or register.

News: Click Here for the nBill home page, or take a tour.

Home

Help

nBill Community > Announcements > Official Announcements > Cross Site Scripting Vulnerability Affecting ALL Editions of nBill

Pages: [1]

« previous next »

Author

Topic: Cross Site Scripting Vulnerability Affecting ALL Editions of nBill (Read 367 times)

netshine

Administrator
Hero Member

Offline

Posts: 4,563

Cross Site Scripting Vulnerability Affecting ALL Editions of nBill

« on: 13/July/2011, 10:39:57 AM »

A cross site scripting (xss) vulnerability has been discovered, affecting ALL versions of nBill. Whilst this is not a critical problem and is unlikely to result in the compromise of your site or any client data, it is nevertheless recommended that you apply the relevant patch from the replies below (I will reply to this topic once for each edition of nBill).

The main component download files have all been patched, so if you download the component after 10:40am BST on 13th July 2011, you do not need to apply the patch.

To apply the patch, simply replace your /components/com_nbill/nbill.php file with the relevant attachment below (in the case of nBill 1, the file to replace is /components/com_netinvoice/netinvoice.php).


	Logged

netshine

Administrator
Hero Member

Offline

Posts: 4,563

Re: Cross Site Scripting Vulnerability Affecting ALL Editions of nBill

« Reply #1 on: 13/July/2011, 10:41:38 AM »

For nBill 2.1.1 (Standard Edition), please use the attached file (it is the same file regardless of which version of Joomla or Mambo you are using).