Jump to content


Welcome to IPS!

Feel free to browse our community to get a feel for how our community software operates. Post in the pre-sales forum with any questions you have before purchasing or use the Test Posting forum to post a few messages yourself! You can also get a free demo to try the IPS Community Suite yourself.

Already an active IPS client?

Login with the same email address and password you use for the client area to access client-only areas.

- - - - -

IP.Board 2.2.x XSS Update

Started by IPS News, May 30 2007 10:36 AM

  • Please log in to reply
No replies to this topic

#1 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 712 posts

Posted 30 May 2007 - 10:36 AM

IP.Board 2.2.x Possible XSS Issue

It has come to our attention that IP.Board 2.2.x may be vulnerable to an XSS (cross-site scripting) attack by injecting JavaScript into supplementary files used by our rich text editor. It should be noted that this damage is mitigated by the "HttpOnly" cookies which were introduced into IP.Board 2.2.0. This means that sensitive cookies in IP.Board 2.2.0 and higher cannot be read by JavaScript which could be crafted using this issue.

This update is very simple and straightforward and only affects these supplementary files. The attached zip file contains all the required files. Simply upload them over the existing files on your server.

Attached Files


Back to News and Information


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Invision Power Services
  2. Welcome to IPS
  3. News and Information
  4. Community Rules