View Revisions: Issue #23830

Summary 0023830: Update PHPMailer to 5.2.26
Revision 2018-01-11 10:07 by dregad
Description

Minor security issue [1]

PHPMailer 5.2.25 and earlier default to using echo for output, which has a potential for XSS if debug output is left on in production. This was already fixed in 6.0, change added to 5.2.26.
Thanks to Bankde Eakasit for spotting it.

Revision 2018-01-11 10:02 by dregad
Description

Minor security issue 1

PHPMailer 5.2.25 and earlier default to using echo for output, which has a potential for XSS if debug output is left on in production. This was already fixed in 6.0, change added to 5.2.26.
Thanks to Bankde Eakasit for spotting it.