YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor has reported that users who are affected by these vulnerabilities should upgrade to SMF 1.0 Public Beta 4. Additionally, the vendor has announced that fixes for YaBB SE will not be released, as this product is no longer supported. SMF 1.0 Public Beta 4 packages can be downloaded at the following location:

http://www.simplemachines.org/download.php

An unofficial, untested fix to address this issue is reported to be available at the following location. It should be noted that Symantec has not verified the integrity of this fix:

http://www.phpsecure.info

The vendor has released YaBB 1 GOLD SP 1.3.2 dealing with this and other issues. Users are advised to update their scripts.


YaBB YaBB 1 Gold - SP 1.3


 

Copyright 2010, SecurityFocus