An attack is possible within the administrator control panel

Feb 20, 2012 13:36 GMT

The developer of Invision Power Board (IP.Board) revealed that it has identified a cross-site scripting (XSS) issue affecting all IP.Board 3.x variants, and has released a simple one-file patch to address the vulnerability.

“It has come to our attention that a XSS (Cross Site Scripting) attack is possible within the Admin CP. The JavaScript is only executed when viewing the detailed pop-up of a specific failed admin log in,” reads a statement from the developers.

Customers of the affected versions are advised to download the provided patch and upload it to the relevant folder on their servers.

Users who rely on older versions of IP.Board are advised to immediately upgrade to the latest variant since it includes not only this fix, but others as well.

The security patches for IP.Board 3.2.x, IP.Board 3.1.x, and IP.Board 3.0.x are available for download here.