An undocumented behaviour in all Windows versions of Internet Explorer has rendered vBulletin vulnerable to a potential cross-site scripting (XSS) flaw. We have therefore decided to put out a preventative security release to work around the Internet Explorer problem before it is exploited.
This potential XSS exploit affects all versions of vBulletin. We have posted instructions on the vBulletin.com announcements forum detailing procedures to upgrade or patch each affected version. Please follow the relevant links below.
Note: While we have supplied patches and updates for all available vBulletin versions, we recommend that customers who are not running the 3.6.* series upgrade to 3.6.3, as this is our latest stable release.
Upgrade information and patch for 3.6.* series
http://www.vbulletin.com/go/363
Upgrade information and patch for 3.5.* series
http://www.vbulletin.com/go/356
Upgrade information and patch for 3.0.* series
http://www.vbulletin.com/go/3016
Upgrade information and patch for 2.3.* series
http://www.vbulletin.com/go/2311