Discuss all about IP.Board 2.2.x XSS Update

IPB News · #1 05-30-2007, 10:52 PM

Up to the minute news about the from The Staff Lounge, Your vBulletin Resource. We'll find the latest news so you can chat about here.

Quote:

IP.Board 2.2.x Possible XSS Issue

It has come to our attention that IP.Board 2.2.x may be vulnerable to an XSS (cross-site scripting) attack by injecting JavaScript into supplementary files used by our rich text editor. It should be noted that this damage is mitigated by the "HttpOnly" cookies which were introduced into IP.Board 2.2.0. This means that sensitive cookies in IP.Board 2.2.0 and higher cannot be read by JavaScript which could be crafted using this issue.

This update is very simple and straightforward and only affects these supplementary files. The attached zip file contains all the required files. Simply upload them over the existing files on your server.

Wed, 30 May 2007 11:36:29 -0400

Post your comments about this story, and other news here.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
IP.Board 2.2.x Security Update	IPB News	Bulletin Board News	0	06-16-2007 04:08 AM

Links of Interest
	vB Styles CinVin vBulletin Styles vBSkinworks .premodded My vBulletin Blog TalkCamp Link2Share - Link Directory Webmasters Domain		SysChat Raw Sports Talk The vBulletin Fans Network Pay Per Click Forums Domain Name Portal vBSEO Final Fantasy Forums

Discuss all about IP.Board 2.2.x XSS Update

Discuss IP.Board 2.2.x XSS Update at Bulletin Board News, All the latest information from vBulletin, Invision Power Board and phpBB, all put together in some forum for your joy and pleasure. Up to the minute news about the from The Staff Lounge, Your vBulletin Resource. We'.