Mailinglist Archive: opensuse (1420 mails)

< Previous Next >
Re: [opensuse] Re: forums.opensuse.org down?
On Wednesday, January 08, 2014 01:52:30 AM Jim Henderson wrote:
On Tue, 07 Jan 2014 17:12:51 -0800, John Andersen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 1/7/2014 4:53 PM, Carlos E. R. wrote:
On 2014-01-08 01:04, Jim Henderson wrote:


The article, which may not be accurate, says OpenSuse was not running
the most current version of vBulletin. It might be fixed already in
later versions.

The exploit was in the vbseo addon, which was developed by a now defunct
company and is no longer patched.

So I'm told.

Jim

Googling around I found the possible flaw. A Cross Site Scripting ( XSS -
Stored ) vulnerability in vBulletin SEO Plugin vBSEO on older versions not
fixed on newer.

http://www.jaygadkar.com/2013/12/cross-site-scripting-xss-stored_24.html



--
Ricardo Chung |
Member
openSUSE Projects
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups