1 reply to this topic

[IPS News]

It has come to our attention that a XSS (Cross Site Scripting) attack is possible under specific circumstances when editing a post another member has made.

This issue only exists in IP.Board 3.2.0, 3.2.1, 3.2.2 and 3.2.3. We recommend that everyone using these versions apply this simple two file patch.

Simply download the zip, expand it on your computer and upload the files to the relevant folders on your server. The directory structure is maintained in the zip so you will have no issues finding the files.

If you need assistance, please contact technical support.

Patching 3.2.3
 march-editor-patch_3_2.zip   30.13KB   1453 downloads

Patching 3.2.0-3.2.2
Please upgrade to 3.2.3. Please note, this zip file is not compatible with 3.2.2, 3.2.1 or 3.2.0.

Note: The main download zip has been updated .

[IPS News]

We have updated the 'March Editor Patch' zip above to include a fix for another XSS issue that had recently been reported to us.

Even though the release of our next version 3.3.0 is just around the corner, we wanted to ensure that this fix was released as soon as possible as part of our pro-active approach to security.

If you've already updated your board with the March Editor Patch, then re-download the zip and just upload /admin/extensions/coreVariables.php.

The main download zip has already been updated.