Jump to content


- - - - -

IP.Board 2.2.x XSS Update

Started by IPS News, May 30 2007 10:36 AM

This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 IPS News

IPS News

    Spam Happy

  • IPS Staff
  • 766 posts

Posted 30 May 2007 - 10:36 AM

IP.Board 2.2.x Possible XSS Issue

It has come to our attention that IP.Board 2.2.x may be vulnerable to an XSS (cross-site scripting) attack by injecting JavaScript into supplementary files used by our rich text editor. It should be noted that this damage is mitigated by the "HttpOnly" cookies which were introduced into IP.Board 2.2.0. This means that sensitive cookies in IP.Board 2.2.0 and higher cannot be read by JavaScript which could be crafted using this issue.

This update is very simple and straightforward and only affects these supplementary files. The attached zip file contains all the required files. Simply upload them over the existing files on your server.

Attached Files


Back to News and Information


  1. Invision Power Services
  2. Welcome to IPS
  3. News and Information
  4. Privacy Policy
  5. Community Rules ·