Суть - XSS, внедрения стороннего html кода (js или iframe) на странице через имя аттача.
Отправлено 16 Февраль 2017 - 19:24
Two security issues have been identified in IP.Board 3.4.x. Unauthorized users may be able to issue warnings, and users may be able to obtain certain member information if they know the member's linked Facebook account ID. To resolve this issue, please download this patch and apply it to your site.
Please note that no further security updates will be made available as of April 1, 2017, and we strongly encourage you to consider upgrading to our latest Community Suite v4 release. Please contact us if you have any questions.