The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name: None
VWE-ID: VWE-2017-4287
Related Report: None
Severity: HIGH
Exploit Difficulty: NORMAL
Platform: Affects all platforms supported by the vulnerable versions.
Description: Denial of Service. Due to a flaw in the integration system, users with certain permissions may be able to replace certain forum nodes with fatal errors. Does not affect Lite versions.
Discovered: November 19, 2017
Resolved: December 1, 2017
Patches Available:
  4.0.20 Patch Level 1
  4.0.19 Patch Level 4
  4.0.18 Patch Level 5
  4.0.17 Patch Level 7
  4.0.16 Patch Level 8
  4.0.15 Patch Level 12
Workaround: In the Wiki Admin Panel, go to Content > Integration, and delete all forum integrations (disabling will not work).
Notes: The patch will not correct existing fatal errors; this would require a full upgrade when the next version is released. For forums that were already replaced with fatal errors, run the following MySQL query (replacing "AFFECTED_FORUM_ID" with the appropriate number):
FROM vw_integrate AS vw_integrate
LEFT JOIN vw_nodetype AS vw_nodetype ON (vw_nodetype.id = vw_integrate.itemtypeid)
WHERE vw_nodetype.accesskey = 'Page'
AND vw_integrate.nodeid = AFFECTED_FORUM_ID
Categories: XSS:4.0.0 XSS:4.0.0 Alpha 1 XSS:4.0.0 Alpha 2 XSS:4.0.0 Alpha 3 XSS:4.0.0 Alpha 4 XSS:4.0.0 Alpha 5 XSS:4.0.0 Alpha 6 XSS:4.0.0 Alpha 7 XSS:4.0.0 Beta 1 XSS:4.0.0 Beta 2 XSS:4.0.0 Beta 3 XSS:4.0.0 Beta 4 XSS:4.0.0 Beta 5 XSS:4.0.0 Beta 6 XSS:4.0.0 Beta 7 XSS:4.0.0 Gamma 1 XSS:4.0.0 Gamma 2 XSS:4.0.0 Gamma 3 XSS:4.0.0 Gamma 4 XSS:4.0.0 Gamma 5 XSS:4.0.0 Gamma 6 XSS:4.0.0 Gamma 7 XSS:4.0.0 Patch Level 1 XSS:4.0.0 Patch Level 2 XSS:4.0.0 Patch Level 3 More…