News » 15.02.2009 - phpDenora 1.2.3 security release
It has come to my attention from our friends over at irc-junkie.org that phpDenora contained an XSS vulnerability. Specially crafted channel names can execute arbitrary code in the web browser. Since the limited channel name length and limited charset, I believe nothing harmful can be done. Anyway, I urge everyone to upgrade to phpDenora 1.2.3, which adresses the problem.