SiteStudio 1.6 Security Update

 

06 May 2005

This security update for SiteStudio 1.6 Final and 1.6 Patch 1 fixes an XSS vulnerability in the SiteStudio Guestbook.

IMPORTANT:
Do not update from SiteStudio 1.6RC3 or earlier versions, only from SiteStudio 1.6 Final or 1.6 Patch 1.

 

To apply the security update:

Standalone SiteStudio on Linux/BSD:

Note: You must perform these actions under the account that SiteStudio runs under.

  1. Enter the SiteStudio directory:

    cd /home/SiteStudio

  2. Download the update script:

    On Linux:

    wget http://sitestudio.psoft.net/downloads/patch-gb-ss1.6.sh

    On BSD:

    fetch http://sitestudio.psoft.net/downloads/patch-gb-ss1.6.sh

  3. Run the script:

    sh ./patch-gb-ss1.6.sh

  4. Restart SiteStudio.

SiteStudio integrated with H-Sphere

Note: You must perform these actions under the cpanel account.

  1. Enter the SiteStudio directory:

    cd /hsphere/shared/SiteStudio

  2. Download the update script:

    On Linux:

    wget http://sitestudio.psoft.net/downloads/patch-gb-ss1.6.sh

    On BSD:

    fetch http://sitestudio.psoft.net/downloads/patch-gb-ss1.6.sh

  3. Run the script:

    sh ./patch-gb-ss1.6.sh

  4. Restart H-Sphere under root.
  5. Restart imaker.sh:

    /hsphere/shared/SiteStudio/imaker.sh restart
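
The Linux/BSD steps above fetch the script over plain HTTP and run it directly. The following is an added example, not part of the vendor's instructions or tooling, that wraps the download and run steps so the script is executed only if its SHA-256 digest matches a value obtained from the vendor through a separate channel. The function names are hypothetical, and this page publishes no digest, so the expected value is a placeholder the administrator must supply.

```shell
#!/bin/sh
# Added example: hold the update script until its digest matches a trusted value.
URL="http://sitestudio.psoft.net/downloads/patch-gb-ss1.6.sh"   # URL from this page
SCRIPT="patch-gb-ss1.6.sh"

# Print the SHA-256 of a file using whichever tool the platform provides.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'          # Linux coreutils
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                             # BSD
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'      # Perl fallback
    else
        echo "no SHA-256 tool found" >&2; return 2
    fi
}

# Succeed only if the file exists and its digest equals the expected value.
verify_script() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(file_sha256 "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')  # accept upper-case hex
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $1: got $actual" >&2
    return 1
}

# Download with wget (Linux) or fetch (BSD), as in the steps above.
download_script() {
    if command -v wget >/dev/null 2>&1; then wget -O "$SCRIPT" "$URL"
    elif command -v fetch >/dev/null 2>&1; then fetch -o "$SCRIPT" "$URL"
    else echo "neither wget nor fetch found" >&2; return 2
    fi
}

# apply_update DIR EXPECTED_SHA256
# DIR is /home/SiteStudio (standalone) or /hsphere/shared/SiteStudio (H-Sphere).
apply_update() {
    cd "$1" || return 1
    download_script || return 1
    verify_script "$SCRIPT" "$2" || { echo "not running $SCRIPT" >&2; return 1; }
    sh "./$SCRIPT"
}

# Usage (placeholder digest; obtain the real value from the vendor):
#   apply_update /home/SiteStudio <EXPECTED_SHA256>
```

Run it under the same account the steps above require, then carry out the restart steps as listed.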

For SiteStudio on Windows®:

  1. Change into the directory studio/WEB-INF/classes in the SiteStudio directory.
  2. Create the directory psoft/guestbook.
  3. Download the update and unzip it into the created directory.
  4. Restart SiteStudio.

 

If you want to request this update from us, contact support.

Special thanks to Donnie Werner of exploitlabs.com for finding this vulnerability and notifying us!





Copyright 1998-2008. Positive Software Corporation.
All rights reserved.