Jump to content

Welcome to DevFuse Forums

Sign In  Log in with Facebook

Create Account
Welcome to DevFuse Forums, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of DevFuse Forums by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
Guest Message by DevFuse

(View All Products)Featured Products

  • Donations

    Help fund your forum with donations, setup goals and track member donations. Offer rewards for members donating.
  • Timeslips

    Have your members submit their race times and share with others.
  • Videos

    Allows your members to submit their own videos for community viewing. Support is included for all the major video sites.
  • Forms

    Build your own forms for your members without coding experience. Support included for pm, email and topics.
  • Collections

    Build a community database of items for your members. Full features custom fields included.


IP.Board 2.3.6 and 3.0.5 Security Update

  • Please log in to reply
No replies to this topic

#1 News Bot

News Bot

    Dedicated Member

  • Members
  • PipPipPipPipPip
  • 1,909 posts
  • IP.Board Version:N/A

Posted 08 March 2010 - 08:34 AM

It has come to our attention that there is a possible XSS exploit present in both IP.Board 2.3.6 and 3.0.x. This vulnerability allows the attacker to insert CSS or Javascript into certain BBCodes that is executed when a user displays the page.

Please download the relevant zip for your IP.Board. Expand the zip file and upload the file over the copy on your server. No other action is required.

IP.Board 3.0.5
 305xss_march10.zip (13.29K)
: 67

IP.Board 2.3.6
 236xss_march10.zip (15.61K)
: 26

The main download zips have been updated. If you have downloaded either 2.3.6 or 3.0.5 since the time of this announcement, then you do not need to patch your installation.

Source: Click Here

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users