Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: vBulletin XSS Security Bug
From: "Alex Yu" <yua () yudesigns com>
Date: Mon, 21 Oct 2002 13:42:21 -0400

.:: vBulletin XSS Security Bug

+ Solution:

    - Forum administrator can add some codes that will check 
the referred 
URL and filter its inputs or upgrade to vBulletin 3.0.

Incorrect information.  vBulletin 3.0 is still in beta and is not
available for download.  vBulletin team has posted a fix and will
include this patch in the upcoming 2.2.9 release.

To download the bug fix, please go to this URL:

http://www.vbulletin.com/forum/showthread.php?threadid=57203

As far as I know, vBulletin was not informed about this security bug
before the exploit went public.

BTW, I do not work for vBulletin.

Best,
Alex


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]