IPBSupport News 8 Report post Posted May 30, 2007 IP.Board 2.2.x Possible XSS Issue It has come to our attention that IP.Board 2.2.x may be vulnerable to an XSS (cross-site scripting) attack by injecting Javascript into supplementary files used by our rich text editor. It should be noted that this damage is mitigated by the "HttpOnly" cookies which were introduced into IP.Board 2.2.0. This means that sensitive cookies in IP.Board 2.2.0 and higher cannot be read by Javascript which could be crafted using this issue. This update is very simple and straightforward and only affects these supplementary files. The attached zip file contains all the required files. Simply upload them over the existing files on your server. Quelle: http://forums.invisionpower.com/index.php?showtopic=235069 Share this post Link to post
