#184
During testing of vBulletin 4.2.2 a potential xss exploit was found by our QA team in the Forum Runner application.
This issue is fixed in vB4.2.2 & we have released PL updates for 4.2.1, 4.2.0 & 4.1.12.
vBulletin 4.2.1 PL1
vBulletin 4.2.0 PL4
vBulletin 4.1.12 PL4
Note that this only affects the included Forum Runner application, not the main vB4 Forum or Suite.
If you are not using the Forum Runner application on your forum, you will not be affected by this issue.
To patch your forum you can do one of three things.
1. Download the relevant patch for you version, unzip it, and upload the patch files to your server.
2. Download the latest full version of vB4.2.x, unzip and upload the files, and upgrade your forum to the latest version (delete the install folder afterwards).
3. Download the full set of files for your current version, unzip and upload the files to replace all the files on your server (delete the install folder afterwards).
