
Potential Forum Runner XSS Exploit (vBulletin 4.1.12, vBulletin 4.2+)



    During testing of vBulletin 4.2.2, a potential XSS exploit was found by our QA team in the Forum Runner application.

    As a result we have fixed this issue in vB4.2.2 & are releasing PL updates for 4.2.1, 4.2.0 & 4.1.12.

    vBulletin 4.2.1 PL1
    vBulletin 4.2.0 PL4
    vBulletin 4.1.12 PL4

    Note that this only affects the included Forum Runner application, not the main vB4 Forum or Suite.
    If you are not using the Forum Runner application on your forum, you will not be affected by this issue.
    To patch your forum you can do one of three things.
    1. Download the relevant patch for your version, unzip it, and upload the patch files to your server.
    2. Download the latest full version of vB4.2.x, unzip and upload the files, and upgrade your forum to the latest version (delete the install folder afterwards).
    3. Download the full set of files for your current version, unzip and upload the files to replace all the files on your server (delete the install folder afterwards).