[IPB News]

Up to the minute news about the from The Staff Lounge, Your vBulletin Resource. We'll find the latest news so you can chat about here.

Quote:

Security Update This post outlines the steps required to update your IPB 2.1.x for this security update. If you've downloaded IPB 2.1.6 since the time of this post, there is no need to update your installation as the main download has been updated. It has come to our attention that due to a flaw in the way Internet Explorer handles urlencoded data in URLs, it's possible to craft a malicious URL when adding an avatar to cause an XSS (cross site scripting) vulnerability where, at worst, cookie data can be taken. Additionally, an unrelated flaw may allow moderators to moderate forums that they do not have permission to moderate. Solution To prevent further attacks of this kind, we've increased security by checking any URL that is likely to be inserted in an tag. This security update has a full version number of: 21012.60629.s. Please read our KB article on how to locate your full version number. Files that have been changed sources/action_public/moderator.php sources/ipsclass.php sources/lib/func_usercp.php sources/classes/bbcode/class_bbcode_core.php Security Update Download Invision Power Board 2.1.x Download Now If you are running a version previous to 2.1.6, please update to 2.1.6 by downloading the main download zip. Once you've performed the update, visit your ACP and click the link under the "Security Update Available" image to reset the image check. Manual Instructions http://forums.invisionpower.com/index.php?act=Attach&type=post&id=10132 Fri, 30 Jun 2006 11:53:19 -0500

Post your comments about this story, and other news here.