A potential XSS vulnerability has been fixed in the latest Campsite release, which also improves session handling to prevent a logged-in user's session from being hijacked via a CSRF attack. The vulnerability was discovered by High-Tech Bridge SA, Ethical Hacking & Penetration Testing.
The developers have also taken this opportunity to improve the universal list function, which lets the user choose how articles are listed in the admin interface and search those articles, and to carry the UI redesign further. The next Campsite update is due at the end of August.
- CSRF (Cross-site request forgery) protection implemented
- Multiple general UI changes and fixes
- Number of parameters in the articles search list reduced
- Improved session handling to avoid logged user session grabbing via CSRF attack
- On backup data restore, the file system_preferences.php is now deleted
- The restore script no longer crashes if the files/images directory did not exist in the package
- Layout errors in the universal list solved
- Campsite installer no longer crashes on Windows
- Missing default admin permission sorted
- Feedback function working correctly
- Universal list now working if a topic has a " (double quote) in its title
- Plugin installation difficulties solved
- UTF strings show up properly in email notifications
- User input is correctly filtered out
- Field values now change correctly in the universal list
- Pagination and sorting now working properly in the staff user admin of Campsite
- Localizer now supports languages with different country codes (e.g. zh_CN, simplified; zh_TW, traditional)
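The two session-related items above (CSRF protection, and session handling that stops a logged-in user's session from being grabbed via CSRF) usually come down to a per-session synchronizer token on every state-changing form plus a fresh session ID on login. The following is an added, self-contained Python illustration of that pattern; it is not Campsite code, and the in-memory `SESSIONS` store, the `handle_post` request handler and the form field name `csrf_token` are assumptions made for the example.

```python
"""Illustration (not Campsite code) of a synchronizer CSRF token and
session-ID regeneration on login, the two defences the release notes name."""
import hmac
import secrets

# Constructed in-memory stand-in for the server-side session store.
# Real deployments keep this in the PHP session store or a database.
SESSIONS = {}


def create_session(user=None):
    """Create a server-side session with its own CSRF token; return the id.

    The token lives only on the server and in pages it renders, never in a
    cookie, so a cross-site page that triggers a request cannot supply it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(32)}
    return sid


def login(old_sid, user):
    """Bind the user to a brand-new session id and discard the old one.

    Regenerating the id on login means a session id the attacker planted or
    observed before authentication (session fixation) is worthless after."""
    SESSIONS.pop(old_sid, None)
    return create_session(user)


def csrf_token_for(sid):
    """Token the server embeds in forms rendered for this session."""
    return SESSIONS[sid]["csrf_token"]


def render_hidden_field(sid):
    """Hidden input to place in every state-changing form (token is hex, so
    it needs no further HTML escaping)."""
    return f'<input type="hidden" name="csrf_token" value="{csrf_token_for(sid)}">'


def handle_post(cookie_sid, form_fields):
    """Validate a state-changing POST. Returns (accepted, reason).

    cookie_sid is what the browser attached automatically; form_fields is the
    submitted body. A forged cross-site request carries the cookie but not the
    token, so it fails the second check."""
    session = SESSIONS.get(cookie_sid)
    if session is None or session["user"] is None:
        return False, "not logged in"
    submitted = form_fields.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return False, "csrf token mismatch"
    return True, "ok"


if __name__ == "__main__":
    anonymous = create_session()
    sid = login(anonymous, "editor")          # old id is now invalid
    form = {"csrf_token": csrf_token_for(sid), "title": "Article 1"}
    print(handle_post(sid, form))             # (True, 'ok')
    forged = {"title": "Attacker title"}      # cookie present, token absent
    print(handle_post(sid, forged))           # (False, 'csrf token mismatch')
    print(handle_post(anonymous, form))       # (False, 'not logged in')
```

The check that matters is the token comparison: the browser attaches the session cookie to any request, including one started from another site, but only a page the server itself rendered for this session contains the matching token. Regenerating the session id at login is the complementary defence, so an id known to someone else before authentication cannot be reused once the user is logged in.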
For more information and free download, please visit http://campsite.sourcefabric.org
Campsite is a free, open source, multilingual content management system (CMS) for news websites, released in late 2000.
Campsite runs on Linux, Windows and Mac OS servers, with access from any web browser.
Campsite features automated publishing, editor review, multimedia support, subscription management & full template support.