• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XenForo Security Fix for 1.0.0 - 1.1.2

XenForo

Company Info
Staff member
#1
An XSS security issue within XenForo's included version of the SWFUpload library has been identified. This issue may allow an attacker to compromise your (or your members') accounts. (Thanks to Wootalyzer for bringing this issue to our attention.)

We recommend you fix this issue as soon as possible by upgrading to XenForo 1.1.3 or using the attached patch.

Applying the Patch

To fix the issue using the attached file, simply overwrite your existing version of thejs/swfupload/Flash/swfupload.swf file with the version in the attached file (contained at the same location within the zip).
 

Attachments