Saif El-Sherei has identified an XSS (Cross Site Scripting) vulnerability in glFusion v1.2.1's Forum Plugin, specifically with the img BBcode tag. Upon further investigation, we have found other XSS issues with the BBcode implementation. glFusion v1.2.1.pl1 (Patch Level #1) addresses these XSS issues in both the Forum plugin and glFusion's native BBcode implementation.
To simplify the installation of this patch level release, we have packaged all the updated files into a single archive for those users already running glFusion v1.2.1. Download the file and copy the files to your server. There is no need to run the upgrade wizard.
Users of older glFusion releases (prior to v1.2.1) should consider upgrading to glFusion v1.2.1.pl1 as soon as possible.