1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XenForo Security Fix for 1.0.0 - 1.1.2

Discussion in 'Announcements' started by XenForo, Jun 19, 2012.

  1. XenForo

    XenForo Company Info Staff Member

    An XSS security issue within XenForo's included version of the SWFUpload library has been identified. This issue may allow an attacker to compromise your (or your members') accounts. (Thanks to Wootalyzer for bringing this issue to our attention.)

    We recommend you fix this issue as soon as possible by upgrading to XenForo 1.1.3 or using the attached patch.

    Applying the Patch

    To fix the issue using the attached file, simply overwrite your existing version of thejs/swfupload/Flash/swfupload.swf file with the version in the attached file (contained at the same location within the zip).

    Attached Files:

    psx, Liam W, Ryan_ and 44 others like this.

Share This Page