• We've added extra Spam Protection. if you get problem with account registration / registration rejected. please contact us
  • Note: don´t push posting-counter with messages like thx, good, haha, only use reactions! threads will be deleted without any comment or notification. Read Rules.
  • Note: All new memeber's needs minimum 10 good posts for download files.. Read More!
Sofia

XenForo 2.0.9 Released (Security Fix) Full

No permission to download
XenForo 2.0.9 fixes a flaw that could potentially be exploited to create a cross-site scripting vulnerability. We recommend that all customers running XenForo 2.0 upgrade to 2.0.9 or use the attached patch file as soon as possible. Note that if you are applying the patch rather than doing a full upgrade to 2.0.9, you will need to apply the 2.0.8 patch too.

XenForo extends thanks to Thomas Schneider for identifying the issue.

The issue is a XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.

Applying a Fix: Upgrading

You may upgrade to 2.0.9 to fix this issue. You should upgrade as you would to any other release.

Applying a Fix: Patching

Alternatively, this issue can be fixed by applying the patch in the attached file. You should simply overwrite the following file with the version attached to this message:
  • src/XF/Template/Templater.php
The file can be found at the same path within the attachment.
  • Like
Reactions: faresdja
Author
Sofia
Downloads
3
Views
80
First release
Last update
Rating
4.00 star(s) 1 ratings

More resources from Sofia

Top

AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock
Hello! It seems that you are using AdBlock - some functions may not be available. Please add us as exceptions. Thank you for understanding!