Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

RE: vBulletin XSS Security Bug

From: "Alex Yu" <yua () yudesigns com>
Date: Mon, 21 Oct 2002 13:42:21 -0400
.:: vBulletin XSS Security Bug

+ Solution:

    - Forum administrator can add some codes that will check 
the referred 
URL and filter its inputs or upgrade to vBulletin 3.0.


Incorrect information.  vBulletin 3.0 is still in beta and is not
available for download.  vBulletin team has posted a fix and will
include this patch in the upcoming 2.2.9 release.

To download the bug fix, please go to this URL:

http://www.vbulletin.com/forum/showthread.php?threadid=57203

As far as I know, vBulletin was not informed about this security bug
before the exploit went public.

BTW, I do not work for vBulletin.

Best,
Alex
Previous By Date Next
Previous By Thread Next

Current thread: