If debug mode is enabled, but _XHdebug.txt contains anything else than a single ASCII character, respective error messages are displayed not only in admin mode, thus causing information leakage.
This issue most likely affects all CMSimple_XH versions so far.
So ensure that debug mode is disabled, or that _XHdebug.txt contains only a single ASCII character!
See also https://github.com/cmsimple-xh/cmsimple-xh/issues/293.
A place for security related announcements and discussions - please check this forum frequently!
1 post • Page 1 of 1