A recent vBulletin report indicated that there was a potential XSS exploit vector involving the new Activity Stream. Once the cause of the issue was isolated, code changes were made to eliminate the reported threat.
This issue affects ONLY vBulletin 4.2 (Suite & Forum).
A patch has been issued for vBulletin 4.2.
To improve the security of your vBulletin 4 installation, please download the patch from the members area of vBulletin: http://members.vbulletin.com/
The standard upgrade process for a patch level release is:
- Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
- Extract the vBulletin patch files from the zip file.
- Upload the patch files to your server, overwriting the old files.
The upgrade.php script does not need to be run.
Files updated in this patch for vBulletin 4.2 (Suite & Forum).
Please note this list does not contain the files changed in vBulletin 4.2 PL1. Only the files changed in vBulletin 4.2 PL2 are listed. However, PL2 also contains all of the changes from PL1.
Licensed customers can discuss the security patch - HERE