News » 15.02.2009 - phpDenora 1.2.3 security release

It has come to my attention from our friends over at that phpDenora contained an XSS vulnerability. Specially crafted channel names can execute arbitrary code in the web browser. Since the limited channel name length and limited charset, I believe nothing harmful can be done. Anyway, I urge everyone to upgrade to phpDenora 1.2.3, which adresses the problem.