Rhett Posted February 20, 2012 Share Posted February 20, 2012 It has come to our attention that a XSS (Cross Site Scripting) attack is possible within the Admin CP. The javascript is only executed when viewing the detailed pop-up of a specific failed admin log in.This issue exists in all IP.Board 3 versions. We recommend that everyone using these versions apply this simple one file patch.Simply download the zip for your IP.Board version, expand the zip on your computer and upload the file to the relevant folder on your server. The directory structure is maintained in the zip so you will have no issues finding the file.If you need assistance, please contact technical support.http://community.inv...ecurity-update/ feb-3_1_x.zip feb_3_2_x.zip Rhett Buck Exact Servers Link to comment Share on other sites More sharing options...
Rhett Posted February 20, 2012 Author Share Posted February 20, 2012 I have checked to ensure all customers hosted by exactservers have this patch in place, if it wasn't already completed I have updated the files for you.Thank you Rhett Buck Exact Servers Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now