New vBulletin XSS Flaw Fix: vBulletin 3.7.1 PL2 and 3.6.10 PL2
Posted on June 18th, 2008 by Gabriel Harper

Jelsoft just announced a new patch level release for vBulletin 3.7.1 and 3.6.10. vBulletin 3.7.1 PL2 and 3.6.10 PL2 are intended to address the deeper issues behind the XSS flaw first noted in vBulletin 3.7.1 PL1 and 3.6.10 PL1. According to the Jelsoft release announcement, 3.7.1 PL2 and 3.6.10 PL2 fix an XSS flaw affecting the URL redirection system in vBulletin.
This XSS flaw in the vBulletin URL redirection system can be used to trick an admin or moderator into performing unintended, unauthorized actions. Thanks to Jessica Hope, who helped discover and identify the flaw and is noted in the release! Read the official vBulletin announcement here.