Supported force uploading for same URL by same submitter. Supported delete file by Submitter. Supported page controller on file list.

We found XSS vulnerability at our sources.

Backpack v0.91 or before
Bmsurvey v0.84 or before
Newbb_fileup v1.83 or before
News_embed v1.44 ( news_fileup ) or before
Popnupblog v3.19 or before

BackPack passed Xoops 2.0.17.1 / Xoops Cube legacy 2.1.2

V3.18 2007/12/20 Fix: Blog owner can change the preference when "Allow to application for user" off at admin preference. Blog owner can delete any posted messages. User can click the poster name and jump to userinfo at blog.

Supported group permission for private survey.