A vulnerability has been discovered in the NSN Supporters Module which, under some conditions may allow a hacker to conduct a successful XSS attack on affected sites.
 
 The conditions required are either incorrectly set MIME TYPEs at server level or if the module is configured to allow upload of Supporter images.
 
 With immediate effect:
 If you are using this module, ensure you have not allowed image uploads.
 A temporary fix is discussed here:
 http://ravenphpscripts.com/postx13183-0-0.html