IPBSupport News 8 Report post Posted February 8, 2013 Security Update: 7th February 2013 A cross-site-scripting (XSS) exploit has been discovered in IP.Gallery. We are releasing a security update for versions 4.2.x and 5.0.x today to patch this issue. Instructions: Patching is very easy; Identify the version of IP.Gallery you are running. Download and unzip the appropriate patch file below that matches your version. Upload the contents of the zip to your /public/js directory, overwriting the existing file. IP.Gallery 4.2.x ipg42_feb13.zip 831bytes 0 downloads IP.Gallery 5.0.x ipg5_feb13.zip 2.41K 2 downloads Notes: When you apply the security update the bulletin in your AdminCP will still display. We keep the bulletin in place for at least a week after a security release. Our main software packages accessed via the client area have already been updated with this security update. Our thanks to Mohamed Ramadan ( Attack-Secure.com / https://twitter.com/Attack_Secure ) for bringing this to our attention. Quelle: http://community.invisionpower.com/topic/379028-ipgallery-42x-and-50x-security-update/ Share this post Link to post