- Written by Super User
- Category: Simple Email Form
The current version (and older versions) has a "reflected XSS" vulnerability. I am currently working on a fix. Please look for version 1.8.6, which will contain the fix. Also, please consult the vel.joomla.org website, which will tell you when the fix has been confirmed. SORRY folks ... please have patience!!!
For more info on the problem please see this article: http://joomla.unlikelysource.org/index.php/simple-email-form-bugs-menu/44-reflected-xss-vulnerability-in-version-1-8-5
Also, have a look at this info: https:
This demonstrates using the Simple Email Form module inside an article:
Joomla 3.2 validates the "From" email address. If this address is invalid, the email will not be sent!
Most people use the Simple Email Form inside an article, and if you have Joomla cache enabled, all articles are cached by default. The module doesn't work if you plan to do all of the following:
- place the module inside an article
- use an image CAPTCHA
- enable Joomla cache
If you do not use a CAPTCHA, you can use the module inside an article and still have Joomla cache enabled.
The problem is that although the module can be excluded from cache, an article cannot. Once the article containing the CAPTCHA is cached, visitors to your site keep seeing the same cached CAPTCHA, but internally it has been refreshed, so what they see no longer matches what the module expects.
MicHelp! (michelp.fr) has confirmed that installing the JotCache Extension works!
If you install the JotCache Extension, you can exclude the article from cache, which will allow you to use CAPTCHAs.
See http://extensions.joomla.org/extensions/core-enhancements/performance/cache/13155 for more info.
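The cache/CAPTCHA mismatch described above, and why excluding the article from cache resolves it, as an added example. This is a simplified model written for this page, not code from Simple Email Form, Joomla or JotCache; the function names, the session key and the `data-shows` attribute are assumptions made for illustration.

```php
<?php
// Simplified model of the cache/CAPTCHA desync; constructed, not module or Joomla code.

// Serve the article. $cacheArticle = true models Joomla cache with the article cached;
// false models the article being excluded from cache.
function serveArticle(array &$pageCache, array &$session, bool $cacheArticle): string
{
    // The expected answer is refreshed server-side on every request.
    $code = strtoupper(bin2hex(random_bytes(3)));
    $session['captcha_expected'] = $code;
    $fresh = "<form><img alt=\"CAPTCHA\" data-shows=\"$code\"></form>";

    if (!$cacheArticle) {
        return $fresh;
    }
    // Cached article: every later request gets the first rendering.
    return $pageCache['article'] ??= $fresh;
}

// What the visitor reads off the page they were actually sent.
function codeShownOn(string $html): string
{
    preg_match('/data-shows="([0-9A-F]+)"/', $html, $m);
    return $m[1];
}

// Form handler check: typed value against the session's current expected value.
function captchaAccepted(array $session, string $typed): bool
{
    return hash_equals($session['captcha_expected'], $typed);
}

foreach ([true, false] as $cacheArticle) {
    $pageCache = [];
    printf("article cached: %s\n", $cacheArticle ? 'yes' : 'no');
    foreach (['visitor A', 'visitor B'] as $who) {
        $session = [];                       // each visitor has their own session
        $html = serveArticle($pageCache, $session, $cacheArticle);
        $ok = captchaAccepted($session, codeShownOn($html));
        printf("  %s: CAPTCHA %s\n", $who, $ok ? 'accepted' : 'rejected');
    }
}
```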
Click on the menu link for "Documentation" for other info.