14 DAY TRIAL // Invision Power Services has released IP.Board 3.3.4. The new version comes with a number of functionality bug fixes, but it also addresses a cross-site scripting (XSS) vulnerability that affects the search result page.
The XSS security hole has been patched in IP.Board 3.3.4, but for older versions, customers must apply the patches made available by the vendor manually.
“Simply download the relevant zip file, expand and upload the file inside. The directory structure has been retained so you can quickly locate the file you need to update,” Invision Power Services representatives advise.
This is not the first time this year when an XSS vulnerability is identified in IP.Board. Back in February, a one-file patch was released for a flaw that could allow an attack in the Admin CP. A similar bug was also fixed in March.
Users are advised to update to the latest version.
The XSS patches for older versions are available here.
Invision Power Board is available for download here.