IP.Board 2.2.x Security Update

Find the latest vBulletin information about IP.Board 2.2.x Security Update relating to Forum Software at The Staff Lounge. This was a vBulletin news entry posted 1 year, 1 month ago. IP.Board 2.2.x Security Update.

« Site Downtime
IP.Board 2.3.0 Released »

IP.Board 2.2.x Security Update

39 views Published 1 year, 1 month ago in Forum Software

We have been notified that a vulnerability exists in the profile updating functions of IP.Board 2.2.0 - IP.Board 2.2.2.

Although the vulnerability cannot change any authentication credentials such as the email address or password and the vulnerability cannot be used to craft XSS (cross site scripting) attacks it can be used to cause a nuisance by updating another user’s AIM name, Yahoo! identity, et. cetera.

The update (attached) is a single file update to “sources/action_public/xmlout.php”. Manual patch instructions are also supplied.

The main download zip has been updated at the time of this announcement.

We would like to thank “iMMENSE” for bringing this to our attention.

Patch File:
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11699

Manual Patch Instructions (for power users):
http://forums.invisionpower.com/index.php?act=attach&type=post&id=11700

Tags: No tags for this post. Print This Post

No Responses to “IP.Board 2.2.x Security Update”  

View Original    View Source Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply


Search

About This Entry

About This Entry
  • You’re currently reading “IP.Board 2.2.x Security Update,” an entry on The Staff Lounge

  • Published at 6.11.07 / 4pm

Related Entries

Related
    • No related posts.

Recommended Areas

Recommended Areas

Reviews Forum Reviews
Professional feedback.

Articles Forum Articles
Quality articles.

Powered By

Living Off

Forums Powered By vBulletin Blog Powered By Wordpress Skin Designed By Binary Bonsai