=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN167
_____________________________________________________________________

DATE                      : 18/05/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running IP.Board 3.0.x.

======================================================================
http://community.invisionpower.com/topic/310713-ipboard-30x-security-patch-released/
______________________________________________________________________

A security issue has been discovered in IP.Board 3.0.x that could potentially
allow a malicious user to insert JavaScript or other code into your community.

The damage this sort of attack can do is mitigated by IP.Board's use of
HTTP-only cookies and other security measures.

As part of our continued dedication to security enhancement, we are releasing
a simple patch for IP.Board 3.0.5 to address this issue. If you are running
IP.Board versions less than 3.0.5, simply upgrade your software version. Note
that this issue does not exist in IP.Board 3.1.0 Beta 2 and beyond.

Download Patch

Simply upload the attached file to: admin/sources/classes/bbcode/custom/defaults.php

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================


