14 DAY TRIAL // A security update has been released to address a couple of cross-site scripting (XSS) vulnerabilities that affected IP.Board 3.2.0, 3.2.1, 3.2.2 and the latest variant 3.2.3.
Initially, a patch was made available on March 9 to address one of the issues, but a few days later another fix was released to resolve the second XSS.
One of the XSSs was identified on March 10 by security researcher Vasil A. He found that forums which contained sub-forums were not affected by the flaw, and that attacks could be performed by using the “legacy URL style” in the query.
The security expert known as Flexxpoint has told us that even though the fix has been released for a day now, many board administrators have failed to apply the updates.
The security update is available for download here
Invision Power Board 3.2.3 is available for download here