Quick Login
05-30-2007, 10:11 PM
| #1 |
| Forum Guru Join Date: Sep 2005
Posts: 8,310
 |  [IPB News] IP.Board 2.2.x XSS Update IP.Board 2.2.x Possible XSS Issue It has come to our attention that IP.Board 2.2.x may be vulnerable to an XSS (cross-site scripting) attack by injecting JavaScript into supplementary files used by our rich text editor. It should be noted that this damage is mitigated by the "HttpOnly" cookies which were introduced into IP.Board 2.2.0. This means that sensitive cookies in IP.Board 2.2.0 and higher cannot be read by JavaScript which could be crafted using this issue. This update is very simple and straightforward and only affects these supplementary files. The attached zip file contains all the required files. Simply upload them over the existing files on your server. More... |
|  |
 |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [IPB News] IPB 2.1.x Security Update Notice (06-30-2006) | Industry News | Invision Power Board | 3 | 07-03-2006 02:03 PM |
| [IPB News] IPB 2..x Update (06-05-22) | Industry News | Invision Power Board | 0 | 05-23-2006 04:21 AM |
| [IPB News] IPB 2.x.x Security Update (06-05-6) | Industry News | Invision Power Board | 0 | 05-17-2006 06:07 PM |
| [IPB News] IPB 2.x.x Security Update (04-25-06) | Industry News | Invision Power Board | 0 | 04-25-2006 03:08 PM |
| [IPB News] IPB 2.x.x Critical Security Update | Industry News | Invision Power Board | 0 | 01-05-2006 09:08 PM |
Linear Mode
