1w6 uRPG

http://sn.1w6.org/file/-20141025T132813-ssmsvlb.html
This is a !snbug announcement. A lame coding error left the opportunity for an #XSS attack in the #Bookmark plugin in !sn source which only very recently got fixed.

I recommend updating to !gnusocial v1.1.2-alpha1 (i.e. latest git commit) if you haven't disabled the Bookmark !gnusocial

I believe the severity is not very great, since only a href="" value could be written to contain JavaScript code, which requires a user to click the Bookmark's external link. Please correct me if I'm !gnusocial !gnusocial !gnusocial

I've sent emails to the mailing lists I know of handling these matters.
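
An added example, not part of the notice above and not the GNU social patch: one way to keep script-bearing URLs out of an `href=""` value is to allowlist the URL scheme before rendering the link. The function names `safe_bookmark_url` and `render_bookmark_link`, the markup, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not code from GNU social.

const ALLOWED_SCHEMES = ['http', 'https'];

/** Return the URL if it may be placed in href="", otherwise null. */
function safe_bookmark_url(string $raw): ?string
{
    // Browsers drop tab/CR/LF anywhere in a URL and ignore leading or
    // trailing control characters and spaces, so normalise the same way
    // before looking at the scheme.
    $url = preg_replace('/[\t\r\n]/', '', $raw);
    $url = trim($url, "\x00..\x20");

    // Require an explicit scheme; scheme-relative and relative URLs are
    // rejected because a bookmark points at an external, absolute address.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null;
    }
    // Schemes are case-insensitive, so compare in lower case.
    if (!in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
        return null;
    }
    return $url;
}

/** Render a link, or plain text when the URL fails the allowlist. */
function render_bookmark_link(string $rawUrl, string $title): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $text = htmlspecialchars($title, $flags, 'UTF-8');
    $url = safe_bookmark_url($rawUrl);
    if ($url === null) {
        return '<span class="bookmark-title">' . $text . '</span>';
    }
    // Attribute-encode as well, so quotes cannot close the href value.
    $href = htmlspecialchars($url, $flags, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow noopener">' . $text . '</a>';
}

// Constructed sample inputs: one ordinary link and four that must not
// become a clickable href.
$samples = ['https://example.org/page?a=1&b=2', 'javascript:void(0)',
            " JaVa\tScRiPt:void(0)", 'data:text/html,<b>x</b>',
            '//example.org/x'];
foreach ($samples as $s) {
    echo json_encode($s), ' => ', render_bookmark_link($s, 'My bookmark'), PHP_EOL;
}
```

Only the first sample is rendered as an anchor; the others fall back to the escaped title without a link.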

Notices where this attachment appears

  1. mmn mmn

    Saturday, 25-Oct-14 13:25:08 UTC

1w6 uRPG is a microblogging service by Arne (Drak) Babenhauserheide. It runs on the StatusNet microblogging software (version 1.1.1-release), which is available under the GNU Affero General Public License. The running version includes the patches from draketo.de/proj/statusnet-patches.

All content and data of 1w6 uRPG are available under the Creative Commons Attribution 3.0 license.