Announcement

**Floris** · Sat 20 Mar '10, 11:20pm

yes, all 4.0.2 pl1 are affected.

**icarusforde** · Sun 21 Mar '10, 2:21am

*sighs*

Here we go again.

*Waits for Patch Level Two*

**sd2310** · Sun 21 Mar '10, 2:23am

Originally posted by icarusforde

*sighs*

Here we go again.

*Waits for Patch Level Two*

There should be only a few lines of code to edit, why is it taking so long ?

**icarusforde** · Sun 21 Mar '10, 2:25am

Because it's not just a few lines of code to edit.

**sd2310** · Sun 21 Mar '10, 2:27am

Originally posted by icarusforde

Because it's not just a few lines of code to edit.

Okay, I thought it must be quite easy

**icarusforde** · Sun 21 Mar '10, 2:30am

Not really. It's easier for hackers to get in than to keep hackers out... That being said, it should be harder for them to get in when it comes down to it in the first place.

**Paul M** · Sun 21 Mar '10, 3:47am

Quick [temp] fix ;

Search the templates for {vb:raw query} replace with {vb:var query}

There are about 10 of them.

**setishock** · Sun 21 Mar '10, 4:05am

Back up your databases and current files and folders. If you get smacked you can over write the affected files with your backups. It's a good idea to do that anyway.
Hopefully they get a patch out soon.

**Gumble** · Sun 21 Mar '10, 6:25am

Originally posted by Paul M

Quick [temp] fix ;

Search the templates for {vb:raw query} replace with {vb:var query}

There are about 10 of them.

Thanks Paul

**CThiessen** · Sun 21 Mar '10, 6:45am

Hi,
could something equal has any effect on vB 3.8.x or is that special in vB4.

Greetings
Christian

**sd2310** · Sun 21 Mar '10, 6:58am

Originally posted by CThiessen

Hi,
could something equal has any effect on vB 3.8.x or is that special in vB4.

Greetings
Christian

Special for vB4.

**sd2310** · Sun 21 Mar '10, 6:59am

Originally posted by Paul M

Quick [temp] fix ;

Search the templates for {vb:raw query} replace with {vb:var query}

There are about 10 of them.

Thanks

**lim (x³-7x²) = ∞** · Sun 21 Mar '10, 7:42am

date [2010-03-19]

why it take them so long to react? 2 days and still not fixed

previous xss was fixed after more then 1 week (first report 2010-02-15, second report 2010-02-20, fixed on 2010-02-23)

**sd2310** · Sun 21 Mar '10, 8:06am

Originally posted by lim (x³-7x²) = ∞

why it take them so long to react? 2 days and still not fixed

Maybe because:

Originally posted by icarusforde

Because it's not just a few lines of code to edit.

vBulletin 4 End of Life

Announcement

new XSS vulnerability [4.0.2 PL 1] we are affected?

[Forum] new XSS vulnerability [4.0.2 PL 1] we are affected?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment