SiteStudio 1.6 Security Update

This security update for SiteStudio 1.6 Final and 1.6 Patch 1 fixes an XSS vulnerability in the SiteStudio Guestbook.

IMPORTANT:
Do not update from SiteStudio 1.6RC3 or earlier versions, only from SiteStudio 1.6 Final or 1.6 Patch 1.

To apply the security update:

Standalone SiteStudio on Linux/BSD:

Note: You must perform these actions under the account that SiteStudio runs under.

  1. Enter the SiteStudio directory:

    cd /home/SiteStudio

  2. Run the script:

    sh ./patch-gb-ss1.6.sh

  3. Restart SiteStudio.

SiteStudio integrated with H-Sphere:

Note: You must perform these actions under the cpanel account.

  1. Enter the SiteStudio directory:

    cd /hsphere/shared/SiteStudio

  2. Run the script:

    sh ./patch-gb-ss1.6.sh

  3. Restart H-Sphere under root.
  4. Restart imaker.sh:

    /hsphere/shared/SiteStudio/imaker.sh restart

For SiteStudio on Windows®:

  1. Change into the directory studio/WEB-INF/classes in the SiteStudio directory.
  2. Create the directory psoft/guestbook.
  3. Restart SiteStudio.

Special thanks to Donnie Werner of exploitlabs.com for finding this vulnerability and notifying us!



