World Affairs Board - View Single Post

**Ironduke** · 01-07-2007, 00:59 AM

The XSS flaw is a known security hole for vB 3.6.0 and can be manually alleviated by banning all HTML. This however forbids the possibility of posting embedded YouTube videos, etc.

It is also the key reason vBulletin released the 3.6.4 patch, which we will upgrade to soon, coinciding with a new dedicated server for the site, which will occur very shortly, the details for which will be released at that time.

BTW, I'm going to split this thread soon and am yet undecided with what to do with these posts. I'd like to preserve this thread and not make it a discussion about the XSS security hole, etc.

01-07-2007, 00:59 AM	#80 (permalink)
Ironduke Burgomaster Join Date: 08-02-03 Location: Minneapolis Posts: 6,859 Country:	The XSS flaw is a known security hole for vB 3.6.0 and can be manually alleviated by banning all HTML. This however forbids the possibility of posting embedded YouTube videos, etc. It is also the key reason vBulletin released the 3.6.4 patch, which we will upgrade to soon, coinciding with a new dedicated server for the site, which will occur very shortly, the details for which will be released at that time. BTW, I'm going to split this thread soon and am yet undecided with what to do with these posts. I'd like to preserve this thread and not make it a discussion about the XSS security hole, etc. __________________ The Buck Stops Here