Jump to content

* * * * * 2 votes

IP.Board 3.2.x Security Update

  • Please log in to reply
1 reply to this topic

#1 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 1,065 posts

Posted 09 March 2012 - 10:47 AM


It has come to our attention that a XSS (Cross Site Scripting) attack is possible under specific circumstances when editing a post another member has made.

This issue only exists in IP.Board 3.2.0, 3.2.1, 3.2.2 and 3.2.3. We recommend that everyone using these versions apply this simple two file patch.

Simply download the zip, expand it on your computer and upload the files to the relevant folders on your server. The directory structure is maintained in the zip so you will have no issues finding the files.

If you need assistance, please contact technical support.

Patching 3.2.3
Attached File  march-editor-patch_3_2.zip   30.13KB   1599 downloads

Patching 3.2.0-3.2.2
Please upgrade to 3.2.3. Please note, this zip file is not compatible with 3.2.2, 3.2.1 or 3.2.0.

Note: The main download zip has been updated .
  • Christophe, Mister Java, Dher and 34 others like this

#2 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 1,065 posts

Posted 14 March 2012 - 07:26 AM

We have updated the 'March Editor Patch' zip above to include a fix for another XSS issue that had recently been reported to us.

Even though the release of our next version 3.3.0 is just around the corner, we wanted to ensure that this fix was released as soon as possible as part of our pro-active approach to security.

If you've already updated your board with the March Editor Patch, then re-download the zip and just upload /admin/extensions/coreVariables.php.

The main download zip has already been updated.
  • AndyF, Dher, Forsaken75 and 11 others like this

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users