这里是从网页截图中提取的关于漏洞的关键信息,使用Markdown简洁地表示: --- [Security] BBCCode Defect Bug Source XMB, all versions Symptoms Unexpected output, Javascript compromise (XSS) Security Impact High CVE ID CVE-2021-29399 Disclosed By Igor Sak-Sakovskiy, Positive Technologies Fixed By XMB 1.9.12.03 and later are not affected. XMB 1.9.11.16 also includes this patch. Recommendations: Servers running PHP 7 or PHP 8 - If you installed XMB 1.9.12 - Files can be replaced or merged from XMB-1.9.12.03 zip - If you installed XMB 1.9.11 - Upgrade to version 1.9.12.03. Alternatively (PHP 7 only) replace or merge files from XMB-1.9.11.16.zip Servers running PHP 5 - If you installed XMB 1.9.11 - Files can be replaced or merged from XMB-1.9.11.16.zip - If you installed XMB 1.9.1 through 1.9.10 - Upgrade to version 1.9.11.16. - Please consider updating your server with a new version of PHP. Upgrade Instructions Patch Files xmb-1.9.12-bbcode.patch (7kB) xmb-1.9.11-bbcode.patch (6kB) Patching Unsupported Versions Attempting to modify versions less than 1.9.11 is strongly discouraged because the BBCodes functions and related features are different in each version. XMB 1.9.12.03 is the most secure version and the preferred solution. ---