Description
A security notification was made public on August 4th, 2011 demonstrating a Reflective Cross Site Scripting (XSS) vulnerability against Telligent Community Server 2008.5 and 2007. Even though the public notification was targeted at Telligent Community Server 2008.5 and 2007 we have found that builds of Telligent Community 5.0 and 5.5 are also impacted. This vulnerability has the potential to allow an attacker to launch an attack against users' with unprotected browsers that will execute arbitrary JavaScript within the context of the vulnerable site. Most modern browsers have extra protections in place that will mitigate this type of reflective XSS attack. Even still, we are taking extra precautions to help you safeguard your deployment.
Telligent takes security very seriously and resolved this issue prior to the date this vulnerability was disclosed. We have recently performed two 3rd party security audits on the two most recent versions of Telligent Community and Telligent Enterprise and absolutely zero critical or high risk vulnerabilities were discovered. If you need help or have questions please contact us here.Supported Versions Affected
Prior versions to Community Server 2008.5 SP3 are no longer supported; to upgrade your current version request the latest download of Telligent Community here.Download Hotfixes
To request the hotfix to address this vulnerability, contact Telligent support here.