Inviato March 18, 2010 It has come to our attention that there is a possible XSS exploit present in both IP.Board 2.3.6 and 3.0.x. This vulnerability allows the attacker to insert CSS or Javascript into certain BBCodes that is executed when a user displays the page. Resolution Please download the relevant zip for your IP.Board. Expand the zip file and upload the file over the copy on your server. No other action is required. IP.Board 3.0.5 305-march-10.zip (35.55K) : 850 Please note this patch will only work with IP.Board 3.0.5. If you are using an earlier version of IP.Board 3.0 then you will need to upgrade to IP.Board 3.0.5. After you have upgraded, you will not need to add this patch. IP.Board 2.3.6 236xss_march10.zip (15.61K) : 1111 The main download zips have been updated. If you have downloaded either 2.3.6 or 3.0.5 since the time of this announcement, then you do not need to patch your installation. View the full article Condividi questo messaggio Link di questo messaggio Condividi su altri siti