On Wednesday, January 08, 2014 01:52:30 AM Jim Henderson wrote:
On Tue, 07 Jan 2014 17:12:51 -0800, John Andersen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 1/7/2014 4:53 PM, Carlos E. R. wrote:
On 2014-01-08 01:04, Jim Henderson wrote:
The article, which may not be accurate, says OpenSuse was not running the most current version of vBulletin. It might be fixed already in later versions.
The exploit was in the vbseo addon, which was developed by a now defunct company and is no longer patched.
So I'm told.
Jim
Googling around I found the possible flaw. A Cross Site Scripting ( XSS - Stored ) vulnerability in vBulletin SEO Plugin vBSEO on older versions not fixed on newer. http://www.jaygadkar.com/2013/12/cross-site-scripting-xss-stored_24.html -- Ricardo Chung | Member openSUSE Projects -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org