XenForo Security Fix for 1.0.0 - 1.1.2

An XSS security issue within XenForo's included version of the SWFUpload library has been identified. This issue may allow an attacker to compromise your (or your members') accounts. (Thanks to Wootalyzer for bringing this issue to our attention.)

We recommend you fix this issue as soon as possible by upgrading to XenForo 1.1.3 or using the attached patch.

Applying the Patch

To fix the issue using the attached file, simply overwrite your existing version of thejs/swfupload/Flash/swfupload.swf file with the version in the attached file (contained at the same location within the zip).
 

Attachments

Top Bottom