An XSS vulnerability has been discovered in vBulletin 3 and posted to BugTraq.
vBulletin 3 versions RC2, RC3 and RC4 are affected. This has necessitated the release of an updated version of includes/init.php to patch the problem.
The members' area package has been updated with this file.
If you are already running vBulletin 3 RC4, simply upload the attached init.php file to the 'includes' folder in your forum directory, overwriting the existing one.
If you are running a previous version of vBulletin 3, we recommend that you upgrade to the version of RC4 available in the members' area as soon as possible.
vBulletin 2.3.4 and earlier are not affected. Sites running vBulletin 2 need take no action.
vBulletin 3 versions RC2, RC3 and RC4 are affected. This has necessitated the release of an updated version of includes/init.php to patch the problem.
The members' area package has been updated with this file.
If you are already running vBulletin 3 RC4, simply upload the attached init.php file to the 'includes' folder in your forum directory, overwriting the existing one.
If you are running a previous version of vBulletin 3, we recommend that you upgrade to the version of RC4 available in the members' area as soon as possible.
vBulletin 2.3.4 and earlier are not affected. Sites running vBulletin 2 need take no action.
Comment