We are releasing patches for IP.Board 3.3.x and IP.Board 3.4.x to address a security issue recently reported to us.
It has been brought to our attention that a cross-site scripting issue exists within the messenger in IP.Board. We are releasing a patch today that addresses this issue.
3.4.7: patch12_5_2014.zip
3.3.4: patch12_5_2014 - 3.3.x.zip
We would like to thank Matthias Ungethüm (http://www.unnex.de) for reporting this issue to us.