Open Blog 1.2.1 security update

Posted on April 28, 2009 by Kami

This update addresses a series of XSS vulnerabilities in Open Blog 1.2.0.

The problems arose because global XSS filtering was disabled in Open Blog 1.2.0 and because, in the rush to release Open Blog 1.2.0 on time, I forgot to sanitize some of the variables.

The changelog which lists all the files that were changed is available here.

Thanks to Gašper Kozak for spotting this vulnerability and notifying me.

If you are running Open Blog 1.2.0, download this package which includes the changed files, unpack it, go to the OpenBlog_1.2.0_to_1.2.1/ folder and upload the files from this folder to your blog root directory.

Notice: Older versions are not affected by this vulnerability.

Sincerely,
Tomaž