XMB Forum Software

[Security < 1.9.10] CVE-2007-0519

miqrogroove - 5-10-2021 at 03:14 PM

Bug Source: XMB 1.9.9 and older

Symptoms: Unexpected output, JavaScript compromise (XSS)

Security Impact: High

ID: CVE-2007-0519

Fixed By: XMB 1.9.10 and later are not affected.

Discussion:

In 2007, a CVE was assigned to a public XSS exploit against the XMB U2U feature. XMB staff evaluated this information in 2008 and determined that version 1.9.8 contained an incomplete solution, but the CVE was still valid for one or more defects. U2U functions were revised and released with version 1.9.10 to implement better I/O filtering. These changes were also available in a service pack for version 1.9.8.

Recommendations: