Hey all,
Thanks to InterNot we've been able to identify and fix a potential XSS exploit in vBShout v6.0.8.
You can either re-download v6.0.8 and re-upload /dbtech/vbshout/actions/archive.php file directly within the upload folder, or you can apply a manual file edit.
For the manual file edit, open up /dbtech/vbshout/actions/archive.php within your forum directory and find:
Replace with:
Sorry for the inconvenience, and thank you for your continued support
Discuss this news here.
Thanks to InterNot we've been able to identify and fix a potential XSS exploit in vBShout v6.0.8.
You can either re-download v6.0.8 and re-upload /dbtech/vbshout/actions/archive.php file directly within the upload folder, or you can apply a manual file edit.
For the manual file edit, open up /dbtech/vbshout/actions/archive.php within your forum directory and find:
PHP:
$vbulletin->input->clean_array_gpc('r', array(
'username' => TYPE_STR,
'hours' => TYPE_UINT,
'filter' => TYPE_ARRAY_UINT,
'from' => TYPE_ARRAY,
'end' => TYPE_ARRAY,
));Replace with:
PHP:
$vbulletin->input->clean_array_gpc('r', array(
'username' => TYPE_STR,
'hours' => TYPE_UINT,
'filter' => TYPE_ARRAY_UINT,
'from' => TYPE_ARRAY_UINT,
'end' => TYPE_ARRAY_UINT,
));Sorry for the inconvenience, and thank you for your continued support
Discuss this news here.
