=====================================================================

                                CERT-Renater

                      Note d'Information No. 2012/VULN114
_____________________________________________________________________

DATE                : 12/03/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running IP.Board versions 3.2.x.

======================================================================
http://community.invisionpower.com/topic/358403-ipboard-32x-security-update/
_______________________________________________________________________

It has come to our attention that a XSS (Cross Site Scripting) attack
is possible under specific circumstances when editing a post another
member has made.

This issue only exists in IP.Board 3.2.0, 3.2.1, 3.2.2 and 3.2.3.
We recommend that everyone using these versions apply this simple
two file patch.

Simply download the zip, expand it on your computer and upload the
files to the relevant folders on your server. The directory structure
is maintained in the zip so you will have no issues finding the files.


If you need assistance, please contact technical support.


Attached File  march-editor-patch_3_2.zip   25.21K   592 downloads


Note: The main download zip has been updated .


======================================================================

=========================================================
Les serveurs de référence du CERT-Renater
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================