[mapguide-internals] MapGuide Site Administrator XSS vulnerability fix

Jackie Ng jumpinjackie at gmail.com
Tue Aug 23 06:57:14 PDT 2022


A security fix is available for MapGuide Open Source.

This fix mitigates several XSS vulnerabilities reported in the MapGuide
Site Administrator tool.

Download:
https://download.osgeo.org/mapguide/patches/mapadmin_xss_fix/mapadmin_xss_fix.zip

To apply, simply extract the zip contents to the www/mapadmin folder of
your MapGuide installation and overwrite all existing files.

This fix can be applied to the following versions of MapGuide Open Source:

   - 2.6.1
   - 3.0.0
   - 3.1.0
   - 3.1.1
   - 3.1.2
   - Any preview release of 4.0.0

Special thanks to Eitan Shav of mend.io (https://www.mend.io/) who found
and reported this vulnerability.


More information about the mapguide-internals mailing list