JELSOFT SECURITY BULLETIN
http://www.vbulletin.com/
7th October 2009
* vBulletin 3.8.4 PL1, 3.7.6 PL1 and 3.6.12 PL2 Released
* Your License Information
* Contact Us
------- VBULLETIN 3.8.4 PL1, 3.7.6 PL1, and 3.6.12 PL2 RELEASED --------------------
An XSS flaw related to JavaScript escaping has been identified. This could allow an attacker to carry out an action as a user or obtain access to a user's account. To resolve this issue, it is necessary to release patch level versions of vBulletin 3.8.4, 3.7.6 and 3.6.12.
The upgrade process is the same as previous patch level releases - simply download the patch from the Members' Area, extract the files and upload to your webserver, overwriting the existing files. There is no upgrade script required.
Full details of the release can be found in the vBulletin 3.8.4 PL1 / 3.7.6 PL1 / 3.6.12 PL2 release announcement thread:
http://www.vbulletin.com/go/384pl1