What's new
Welcome, Guest:

Join us now to get access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, and so, so much more. It's also quick and totally free, so what are you waiting for?

xF2 Released XenForo 2.0.9 Released (Security Fix) 2.0.9

No permission to download
XenForo 2.0.9 fixes a flaw that could potentially be exploited to create a cross-site scripting vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.9 or use the attached patch file as soon as possible. Note that if you are applying the patch rather than doing a full upgrade to 2.0.9, you will need to apply
You do not have permission to view link Log in or register now.
too.

XenForo extends thanks to Thomas Schneider for identifying the issue.

The issue is an XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.

Applying a Fix: Upgrading
You may upgrade to 2.0.9 to fix this issue. You should upgrade as you would to any other release.

Customers with an active license may download 2.0.9 from their
You do not have permission to view link Log in or register now.
. Full details for how to
You do not have permission to view link Log in or register now.
and
You do not have permission to view link Log in or register now.
XenForo can be found in the
You do not have permission to view link Log in or register now.
.

Applying a Fix: Patching
Alternatively, this issue can be fixed by applying the patch in the attached file. You should simply overwrite the following file with the version attached to this message:
  • src/XF/Template/Templater.php
The file can be found at the same path within the attachment.
Author
johnboscoville
Downloads
1
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from johnboscoville