Christoph Feddersen

A recently discovered cross-site scripting (XSS) flaw in all three branches of vBulletin has prompted us to perform a security update, releasing new versions of vBulletin 2, 3.0.x and 3.5.x simultaneously.

All prior versions of vBulletin are vulnerable and we advise customers to upgrade or patch their vBulletin installations at their earliest convenience.

• Read the full announcement for vBulletin 3.x
• Read the full announcement for vBulletin 3.5.x

This entry was posted on Thursday, January 5th, 2006 at 3:32 pm and is filed under Security, vbulletin. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.