A cross site request forgery (CSRF) issue has been identified in the SWFUpload library that XenForo uses. This issue may allow an attacker to make requests and carry out actions as you or one of your members.
This issue affects all versions of XenForo available prior to this announcement. We recommend all customers take steps to apply a fix as soon as possible. If you have any questions about applying a fix, please post in the appropriate forum or submit a ticket.
[FONT=Trebuchet...
[url='https://xenforo.com/community/threads/xenforo-security-releases-1-2-7-1-3-6-and-1-4-1-includes-patch.83256/']XenForo Security Releases: 1.2.7, 1.3.6 and 1.4.1 (Includes Patch)[/url]
Continue reading...
This issue affects all versions of XenForo available prior to this announcement. We recommend all customers take steps to apply a fix as soon as possible. If you have any questions about applying a fix, please post in the appropriate forum or submit a ticket.
[FONT=Trebuchet...
[url='https://xenforo.com/community/threads/xenforo-security-releases-1-2-7-1-3-6-and-1-4-1-includes-patch.83256/']XenForo Security Releases: 1.2.7, 1.3.6 and 1.4.1 (Includes Patch)[/url]
Continue reading...