Security Hotfix: Advanced User Tagging v3.0.6 (Pro)

Fillip H.

Staff member
Owner
Developer
Hey all,

We've just identified a potential XSS exploit in Advanced User Tagging v3.0.6 (Pro) or older.

To fix it, you can either update to v3.0.6 now - or, if you have updated already, re-download v3.0.6 and re-upload /dbtech/usertag/actions/list.php

-or-

Open /dbtech/usertag/actions/list.php and find:
PHP:
$vbulletin->input->clean_gpc('r', 'hash', TYPE_STR);
Change to:
PHP:
$vbulletin->input->clean_gpc('r', 'hash', TYPE_NOHTML);

The Lite version is not vulnerable, as the vulnerability exists in a Pro-only feature.


We apologise for the inconvenience, and as always, thank you for your continued support :)

Discuss this news here.
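What the one-line change above does to a reflected value, as an added example that is not part of the original post or the product's code. `clean_str()` and `clean_nohtml()` are hypothetical stand-ins modelled on the `TYPE_STR` and `TYPE_NOHTML` cleaner types; the template in `render()` and the request value are constructed, since the post does not show where `hash` is output.

```php
<?php
// Added illustration: stand-ins for the two cleaner types, not vBulletin code.

// Stand-in for TYPE_STR: cast to string and trim, no encoding.
function clean_str($value): string
{
    return trim((string) $value);
}

// Stand-in for TYPE_NOHTML: same cast and trim, then HTML-encode & < > ".
function clean_nohtml($value): string
{
    return htmlspecialchars(clean_str($value), ENT_COMPAT, 'UTF-8');
}

// Hypothetical template that reflects the cleaned value into a
// double-quoted attribute (assumption: the post does not show the sink).
function render(string $hash): string
{
    return '<input type="hidden" name="hash" value="' . $hash . '" />';
}

// Constructed request value containing markup characters.
$request = ['hash' => '"><script>alert(1)</script>'];

$cleaned = [
    'TYPE_STR'    => clean_str($request['hash']),
    'TYPE_NOHTML' => clean_nohtml($request['hash']),
];

foreach ($cleaned as $type => $value) {
    // A value is safe for this sink only if it cannot close the
    // attribute (") or open a new tag (< or >).
    $safe = !preg_match('/[<>"]/', $value);

    echo $type . ': ' . render($value) . "\n";
    echo '  -> ' . ($safe ? 'stays inside the attribute' : 'breaks out of the attribute') . "\n";
}
```

The stand-in uses `ENT_COMPAT`, so single quotes pass through unchanged; a value cleaned this way is only safe in element content and double-quoted attributes.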
 