XenForo Security Fix for 1.0.0 - 1.1.2

Discussion in 'XenForo Discussions' started by News Bot, Jun 19, 2012.

News Bot Regular Member

Joined:

Apr 28, 2011

Messages:

429

Likes Received:

63

Location:

Cyber Space

An XSS security issue within XenForo's included version of the SWFUpload library has been identified. This issue may allow an attacker to compromise your (or your members') accounts. (Thanks to Wootalyzer for bringing this issue to our attention.)

We recommend you fix this issue as soon as possible by upgrading to XenForo 1.1.3 or using the attached patch.

Applying the Patch

To fix the issue using the attached file, simply overwrite your existing version of thejs/swfupload/Flash/swfupload.swf file with the version in the attached file (contained at the same location within the zip).

Continue reading...

News Bot, Jun 19, 2012

#1
Carlos Regular Member

Joined:

Apr 20, 2003

Messages:

751

Likes Received:

251

Location:

California

Patched my sites with this.

Carlos, Jun 19, 2012

#2
Dan Hutter aka Big Dan

Joined:

Jul 20, 2006

Messages:

1,412

Likes Received:

515

Location:

New York

Me too it was really fast and easy

Dan Hutter, Jun 19, 2012

#3
Brandon Regular Member

Joined:

Jun 1, 2009

Messages:

6,602

Likes Received:

1,706

Location:

Topeka, Kansas

First Name:

Brandon

Both my sites have now been patched.

Brandon, Jun 19, 2012

#4
SpacewardAsh Lurking From Space

Joined:

Jan 2, 2011

Messages:

211

Likes Received:

683

Location:

Falmouth, Cornwall, UK

First Name:

Ashley

Patched mine via an update to 1.1.3. Now lets hope that no more vulnerabilities are found or that XF decide to use something else that is being maintained...

SpacewardAsh, Jun 21, 2012

#5