XenForo Security Fix for 1.0.0 - 1.1.2

Discussion in 'XenForo Discussions' started by News Bot, Jun 19, 2012.

News Bot Regular Member

429

63

394

An XSS security issue within XenForo's included version of the SWFUpload library has been identified. This issue may allow an attacker to compromise your (or your members') accounts. (Thanks to Wootalyzer for bringing this issue to our attention.)

We recommend you fix this issue as soon as possible by upgrading to XenForo 1.1.3 or using the attached patch.

Applying the Patch

To fix the issue using the attached file, simply overwrite your existing version of thejs/swfupload/Flash/swfupload.swf file with the version in the attached file (contained at the same location within the zip).

Continue reading...

News Bot, Jun 19, 2012

#1
Carlos Regular Member

751

251

462

Patched my sites with this.

Carlos, Jun 19, 2012

#2
Dan Hutter aka Big Dan

1,412

515

818

Me too it was really fast and easy

Dan Hutter, Jun 19, 2012

#3
Brandon Regular Member

6,602

1,707

918

Both my sites have now been patched.

Brandon, Jun 19, 2012

#4
SpacewardAsh Lurking From Space

211

683

818

Patched mine via an update to 1.1.3. Now lets hope that no more vulnerabilities are found or that XF decide to use something else that is being maintained...

SpacewardAsh, Jun 21, 2012

#5

(You must log in or sign up to reply here.)

Similar Threads

Loading...

Share This Page