Gabriel Harper's Blog

The latest Jelsoft security bulletin, dated this August 18th, 2008, has announced the discovery of a new XSS flaw related to JavaScript escaping. This flaw could allow unauthorized users to carry out unauthorized actions or obtain access to a user’s account. vBulletin patch releases 3.7.2 PL2 and 3.6.10 PL4 have been released to address the new XSS flaw, discovered by Federico Muttis.

Like other patch releases, no upgrade script is required so you can just download vBulletin 3.7.2 PL2 and 3.6.10 PL4 patch releases and upload them to your server. Read vBulletin 3.7.2 PL2 and 3.6.10 PL4 Released in the official vBulletin forums for more information.

This entry was posted on Monday, August 18th, 2008 at 11:21 am and is filed under Servers & Security, Software & Scripts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.