MyBB 1.1.1 Released
#1
MyBB 1.1.1 is a security update to the MyBB 1.x series. It fixes several moderate-low risk cross site scripting exploits which have recently been found and published in MyBB. It also fixes a potentially larger security issue on some installations.

We recommend all users upgrade their copy of MyBB to the latest available release.

Fixed vulnerabilities:
  • Fixes direct initialization of global.php and inc/init.php which could lead to security vulnerabilities (imei Web Security)
  • Possible cross site scripting through unproper sanitisation of [img] tags (imei Web Security)
  • Possible cross site scripting through login redirection URL (imei Web Security)
  • Possible cross site scripting through unproper sanitization of [email] tags (Devil-00)
  • Possible cross site scripting through signature preview page (Roozbeh Afrasiabi)
  • Possible cross site scripting through guest usernames when posting (Devil-00)
  • Possible cross site scripting through attachment content disposition for HTML attachments (WhiteAcid)
The release on the MyBB site has also been updated to 1.1.1.

Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.

MyBB Group


Messages In This Thread
MyBB 1.1.1 Released - by - 04-14-2006, 01:29 AM
RE: MyBB 1.1.1 Released - by - 04-14-2006, 01:30 AM
RE: MyBB 1.1.1 Released - by - 04-14-2006, 01:39 AM
RE: MyBB 1.1.1 Released - by - 04-14-2006, 03:19 AM
RE: MyBB 1.1.1 Released - by - 04-15-2006, 03:59 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)