=====================================================================
                            CERT-Renater

                 Information Note No. 2013/VULN047
_____________________________________________________________________

DATE                 : 11/02/2013

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running IP.Gallery versions 4.2.x, 5.0.x.

======================================================================
http://community.invisionpower.com/topic/379028-ipgallery-42x-and-50x-security-update/
______________________________________________________________________

Security Update: 7th February 2013

A cross-site-scripting (XSS) exploit has been discovered in IP.Gallery.
We are releasing a security update for versions 4.2.x and 5.0.x today
to patch this issue.

Instructions:

Patching is very easy.

  1. Identify the version of IP.Gallery you are running.
  2. Download and unzip the appropriate patch file below that matches
     your version.
  3. Upload the contents of the zip to your /public/js directory,
     overwriting the existing file.

IP.Gallery 4.2.x
  Attached File: ipg42_feb13.zip (831 bytes, 268 downloads)

IP.Gallery 5.0.x
  Attached File: ipg5_feb13.zip (2.41K, 726 downloads)

Notes:

When you apply the security update the bulletin in your AdminCP will
still display. We keep the bulletin in place for at least a week after
a security release.

Our main software packages accessed via the client area have already
been updated with this security update.

Our thanks to Mohamed Ramadan ( Attack-Secure.com /
https://twitter.com/Attack_Secure ) for bringing this to our attention.

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 23 - 25 Rue Daviel    | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================