Invision Power Services: IP.Board 2.2.x XSS Update - Invision Power Services

Jump to content

Subscribe for Updates

Enter your email on our company home page sign up box to subscribe to our company mailing list to receive notifications when we post new announcements along with other news and updates!
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

IP.Board 2.2.x XSS Update Rate Topic: -----

#1 User is offline   IPS News Icon

  • Public Relations
  • Icon
  • View blog
  • Group: IPS Staff
  • Posts: 177
  • Joined: 23-September 04
  • Gender:Male

Posted 30 May 2007 - 03:36 PM

IP.Board 2.2.x Possible XSS Issue

It has come to our attention that IP.Board 2.2.x may be vulnerable to an XSS (cross-site scripting) attack by injecting Javascript into supplementary files used by our rich text editor. It should be noted that this damage is mitigated by the "HttpOnly" cookies which were introduced into IP.Board 2.2.0. This means that sensitive cookies in IP.Board 2.2.0 and higher cannot be read by Javascript which could be crafted using this issue.

This update is very simple and straightforward and only affects these supplementary files. The attached zip file contains all the required files. Simply upload them over the existing files on your server.

Attached File(s)


0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users