
Patches Released to Fix 4 XSS Vulnerabilities in IP.Board 3.4.5 and IP.Gallery 5.0.5


Matsuda


Invision Power Services has published patches to fix a series of four cross-site scripting (XSS) vulnerabilities affecting IP.Board 3.3.4, IP.Board 3.4.5, IP.Gallery 4.2.1 and IP.Gallery 5.0.5.

The first flaw exists in a third-party script included in the “Flowplayer” release. The script in question is only used by IP.Gallery for embedding certain media files when an administrator allows them to be uploaded. The vulnerability cannot be exploited without user interaction.

The second security hole plagues a third-party script included in the “swfupload” release of IP.Board. This bug can only be exploited if the attacker convinces the victim to click on a malicious link.

The last two issues are reflected XSS vulnerabilities that exist within the IP.Board editor routines.

The patches are available on the IPS Community website.



Source

Edited by Matsuda-NSANE