14 DAY TRIAL // Invision Power Services has released patches for IP.Board 3.3.x and 3.4.x in order to address a couple of cross-site scripting (XSS) vulnerabilities. Artur Czyż and “indistic” have been credited for finding and reporting the security holes.
“IP.Board takes precaution against cross site scripting issues by ensuring sensitive forms and buttons have a unique key in them and also by ensuring that sensitive cookie data is not readable by javascript. However, we feel that it is in our clients best interest to have these issues resolved,” the company noted in its advisory.
Users of IPS Community in the Cloud are not required to do anything since the patches have been automatically deployed. Other customers must download the archives and upload the files to their servers.
The IP.Board patches are available on the IPS Community forum. You can download IP.Board from Softpedia.