Security Concern???

Not only is this a very minor X site scripting issue and absolutly nothing to worry about.

It doesn't effect the latest version, Web Wiz Forums version 7.5.

The person who sumitted this bug track also emailed it to me I tried to responed to him, "HEX" <hex@hex.net.ru>, telling him that the bug track report he submitted to security focus is wrong but the email address is incorrect.

I also emailed securityfocus.com where is was submitted telling them this submission was incorrect but they published it anyway. I have emailed them again demending that they correct it or remove it.

1. It doesn't effect version 7.5 (the latest version), so no need to wait for a patch
2. I knew and wrote a fix to this last Easter.
3. Version 7.01 that this bug report is on doesn't have a file called forum_members.asp so it is incorrect.
4. Saying that there is no patch for this is incorrect in this bug report as a fix has already been written and this doesn't effect the latest version.
   

If you are running a version older than 7.5 don't worry to much as this is not a majour concern, it just means that someone can add some info to a querystring (in there own browser) that makes the forum do something it shouldn't, like show an JavaScript alert box, but nothing that is harmful or effect other users.

Edited by -boRg-

If you look in the web wiz forums forum there is a post on how to upgrade which is releativly simple for access versions.

hey borg! can you upgrade from v7.01 to v7.5 by just using the same database? (Basically is there going to be any errors that develop if i just using the same database that i used with v7.01)

http://forums.webwiz.net/forum_posts.asp?TID=6136&a mp;PN=1

 

Here ya go pmormr...  I just upgraded my site and there was no problems.  But then again I have ms access not sql!