JELSOFT SECURITY BULLETIN – vBulletin 3.8.4 PL1, 3.7.6 PL1 and 3.6.12 PL2

Interactive Online > Blog  > Open Source  > JELSOFT SECURITY BULLETIN – vBulletin 3.8.4 PL1, 3.7.6 PL1 and 3.6.12 PL2

JELSOFT SECURITY BULLETIN – vBulletin 3.8.4 PL1, 3.7.6 PL1 and 3.6.12 PL2

An XSS flaw related to JavaScript escaping has been identified. This could allow an attacker to carry out an action as a user or obtain access to a user’s account. To resolve this issue, it is necessary to release patch level versions of vBulletin 3.8.4, 3.7.6 and 3.6.12.

The upgrade process is the same as previous patch level releases – simply download the patch from the Members’ Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.

Full details of the release can be found in the vBulletin 3.8.4 PL1 / 3.7.6 PL1 / 3.6.12 PL2 release announcement thread:

http://www.vbulletin.com/go/384pl1