
Security Advisory - Plugin vulnerabilities

October 24, 2013 | Posted by Cody


Affected Versions

Versions 3.0.0 through 3.0.4 are affected.

Description

Some content may be rendered in both the System Overview and Feed Reader plugins without proper sanitization, making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.5 corrects these vulnerabilities. Uninstalling the affected plugins will also mitigate any potential attacks.

Resolution

Upgrade to version 3.0.5, or uninstall the affected plugins. Related tasks:

  1. CORE-829
  2. CORE-830

Credits

These issues were discovered by the Blesta Development Team.


Blesta 3.0.4 Patch Released

October 7, 2013 | Posted by Paul


A patch has been released for Blesta that addresses bugs discovered since 3.0.3 was released and fixes two security-related issues. We strongly recommend upgrading to 3.0.4.

You can read more information about this patch, including the release notes, on our forums at http://www.blesta.com/forums/index.php?/topic/1192-release-304/.

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual. Don’t forget to run /admin/upgrade after you patch your files; there are database changes that need to be executed.

Security Advisory – Cross-site scripting vulnerabilities

October 7, 2013 | Posted by Cody


Affected Versions

Versions 3.0.0 through 3.0.3 are affected.

Description

Some messages may be rendered without proper sanitization, making the system vulnerable to cross-site scripting (XSS) attacks through carefully crafted URLs. Two distinct message types are vulnerable to such an attack. Disabling PHP error reporting mitigates one of these vectors. Both issues are fully resolved in patch release 3.0.4.
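Both this advisory and the October 24 plugin advisory describe the same defect class: a string that originates outside the application (a URL parameter here, plugin-rendered content there) is written into HTML without being encoded for that context. The following is an added illustration of that class and its fix in plain PHP; it is not Blesta's code, the function names are hypothetical, and the input string is constructed for the demonstration.

```php
<?php
// Added illustration, not Blesta's code. A request- or feed-derived string is
// echoed into HTML unencoded (the vulnerable pattern), then encoded for the
// HTML context at output time (the fix). All function names are hypothetical.

// Constructed input, as it might arrive in a query parameter or a feed item
// title. The leading '">' closes an attribute in case the value lands in one.
$crafted = '"><script>alert(document.cookie)</script>';

// Vulnerable pattern: interpolating the raw string into markup.
function render_message_vulnerable(string $message): string
{
    return '<div class="message" title="' . $message . '">' . $message . '</div>';
}

// Fixed pattern: htmlspecialchars with ENT_QUOTES so the value is safe both as
// element content and inside a double- or single-quoted attribute. Naming the
// charset avoids mis-decoding; ENT_SUBSTITUTE replaces invalid byte sequences
// rather than returning an empty string, which would silently drop content.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_message_safe(string $message): string
{
    return '<div class="message" title="' . e($message) . '">' . e($message) . '</div>';
}

// A quick check over rendered output: the raw input must not survive verbatim
// into the markup. Returns true when it does.
function leaks_markup(string $html, string $input): bool
{
    return strpos($html, $input) !== false;
}

$vulnerable = render_message_vulnerable($crafted);
$safe       = render_message_safe($crafted);

printf("vulnerable output leaks input: %s\n", leaks_markup($vulnerable, $crafted) ? 'yes' : 'no');
printf("safe output leaks input:       %s\n", leaks_markup($safe, $crafted) ? 'yes' : 'no');
echo $safe, PHP_EOL;

// The second vector named in this advisory is error output. With display_errors
// enabled, PHP writes warnings and notices into the response body, and the PHP
// releases current in 2013 did not HTML-encode request-derived strings that
// appeared in those messages. Logging errors instead of displaying them is what
// the "disable PHP error reporting" mitigation buys; output encoding as above
// is still the fix, and display_errors belongs off in production regardless.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);
```

Running this prints that the vulnerable output contains the crafted string verbatim while the encoded output does not; the encoded `<div>` shows `&quot;&gt;&lt;script&gt;` in place of the markup, which the browser displays as text instead of executing.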

Resolution

Upgrade to version 3.0.4. Related tasks:

  1. CORE-796
  2. CORE-797

Credits

Thanks to Vlad C. of NetSec Interactive Solutions for reporting these issues.


Blesta 3.0.3 Patch Released

September 18, 2013 | Posted by Paul


A patch has been released for Blesta that addresses bugs discovered since 3.0.2 was released. As usual, a big thanks to everyone who reported and confirmed these bugs on our forums; we appreciate your help.

You can read more information about this patch, including the release notes, on our forums at http://www.blesta.com/forums/index.php?/topic/1071-release-303/.

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual. Don’t forget to run /admin/upgrade after you patch your files; there are database changes that need to be executed.

ModulesGarden releases cPanel Extended for Blesta

September 11, 2013 | Posted by Paul


Our success depends in large part on the ability for other people to extend Blesta by creating their own modules, gateways, and plugins. For this reason, it’s our goal to support developers like nobody else. We realize that we cannot build every extension imaginable, or serve every market niche. It’s our hope and desire that developers everywhere embrace Blesta as the best billing platform for their development efforts.

That brings us to the reason for this post. ModulesGarden has just released their first module for Blesta.

cPanel Extended for Blesta

This module builds on our own cPanel module in a big way, eliminating the need for most of your customers to log in to cPanel at all. Your customers can create FTP accounts, email addresses, databases, subdomains, addon domains, cron jobs, and much more right from their client area in Blesta. If they do need to get into the panel, there’s a simple button they can click to automatically log in to cPanel, phpMyAdmin, or Webmail.

From ModulesGarden

We are very satisfied with the cooperation between ModulesGarden and Blesta. Paul is a very friendly and open-minded person who helped us a lot to create the module cPanel Extended For Blesta. The exchange of information between our companies was simply perfect. We received all the support and feedback necessary to successfully proceed with development of the module. We definitely recommend Blesta as a partner for cooperation. - Piotr Dołęga, ModulesGarden CMO

Working with ModulesGarden was a pleasure, and we think they are on to something really important. Extended functionality modules are great because they consolidate tasks into a single panel. This simplifies things substantially for your customers, introducing a level of simplicity and usability that hasn’t existed in the web hosting industry until recently.

Please join us in thanking ModulesGarden for their hard work, and if you offer cPanel hosting, be sure to pick up a copy of this module or give their 7-day free trial a spin. If you have a suggestion for another extended functionality module, let them know.