From: glFusion Support <support@gl...> - 2011-01-15 02:13:43
-----BEGIN PGP SIGNED MESSAGE-----
Saif El-Sherei has identified an XSS (Cross Site Scripting)
vulnerability in glFusion v1.2.1's Forum Plugin, specifically with the
img BBcode tag. Upon further investigation, we have found other XSS
issues with the BBcode implementation. glFusion v1.2.1.pl1 (Patch Level
#1) addresses these XSS issues in both the Forum plugin and glFusion's
native BBcode implementation.

glFusion v1.2.1.pl1 (Patch Level #1) has been released to resolve this
issue. All users should upgrade immediately.

To simplify the installation of this patch level release, we have
packaged all the updated files into a single archive for those users
already running glFusion v1.2.1. Download the
(http://www.glfusion.org/filemgmt/index.php?id=423) file and copy the
files to your server. There is no need to run the upgrade wizard.

Users of older glFusion releases (prior to v1.2.1) should consider
upgrading to glFusion v1.2.1.pl1
(http://www.glfusion.org/filemgmt/viewcat.php?cid=1) as soon as possible.

The glFusion Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----