Patches Released to Fix 4 XSS Vulnerabilities in IP.Board 3.4.5 and IP.Gallery 5.0.5


Invision Power Services has published patches to fix a series of four cross-site scripting (XSS) vulnerabilities affecting IP.Board 3.3.4, IP.Board 3.4.5, IP.Gallery 4.2.1 and IP.Gallery 5.0.5.

The first flaw exists in a third-party script included in the “Flowplayer” release. The script in question is only used by IP.Gallery for embedding certain media files when an administrator allows them to be uploaded. The vulnerability cannot be exploited without user interaction.

The second security hole plagues a third-party script included in the “swfupload” release of IP.Board. This bug can only be exploited if the attacker convinces the victim to click on a malicious link.

The last two issues are reflected XSS vulnerabilities that exist within the IP.Board editor routines.

The patches are available on the IPS Community website.


Edited by Matsuda-NSANE
