Erwin
03-20-2005, 08:46 PM
Posted at vBulletin.com by Kier:
http://www.vbulletin.com/forum/showthread.php?t=133459
--------------------------------------------------------------------------
It has come to our attention that an XSS issue exists within vBulletin 3 in versions up to and including 3.0.7.
However, the circumstances that allow this XSS issue to be exploited are rare so the vast majority of installations will be unaffected.
Your installation is vulnerable if
You do not Allow Search Wild Cards or
You have a very large Search Index Minimum Word Length value (more than ten characters)
If these conditions apply to your board, you can easily secure your installation against XSS exploitation by turning on search wild cards and setting a smaller (6 or less) value for Search Index Minimum Word Length.
Both of these settings can be found in vBulletin Options > Message Searching Options (Default Search)
If you are unable to change these settings, you can simply overwrite the existing includes/functions_search.php file with the one attached to this thread. If neither of these conditions applies to you, there is no need to download this file at all.
Attached Fileshttps://vborg.vbsupport.ru/external/2005/03/2.giffunctions_search.php (http://www.vbulletin.com/forum/attachment.php?attachmentid=13444) (21.9 KB, 177
http://www.vbulletin.com/forum/showthread.php?t=133459
--------------------------------------------------------------------------
It has come to our attention that an XSS issue exists within vBulletin 3 in versions up to and including 3.0.7.
However, the circumstances that allow this XSS issue to be exploited are rare so the vast majority of installations will be unaffected.
Your installation is vulnerable if
You do not Allow Search Wild Cards or
You have a very large Search Index Minimum Word Length value (more than ten characters)
If these conditions apply to your board, you can easily secure your installation against XSS exploitation by turning on search wild cards and setting a smaller (6 or less) value for Search Index Minimum Word Length.
Both of these settings can be found in vBulletin Options > Message Searching Options (Default Search)
If you are unable to change these settings, you can simply overwrite the existing includes/functions_search.php file with the one attached to this thread. If neither of these conditions applies to you, there is no need to download this file at all.
Attached Fileshttps://vborg.vbsupport.ru/external/2005/03/2.giffunctions_search.php (http://www.vbulletin.com/forum/attachment.php?attachmentid=13444) (21.9 KB, 177