By Corey on Aug 19, 2010. Updated: Nov 20, 2011.
This is not a flaw in the Onpub source code. However, because Onpub bundles the full YUI distribution, previous versions of Onpub are no longer secure as a result of this flaw in YUI. Please update all your Onpub installations to this latest release (version 0.9.8) to protect yourself from this vulnerability.
If you are unable to upgrade Onpub at this time, you can fix this flaw by deleting the following files from your Onpub install folder:
However, as mentioned above, upgrading to the latest Onpub release is the recommended way to fix this problem.
Yahoo! announced this flaw earlier today, and we were quick to push out a new release so that all our users can update their Onpub installations and be secure as a result. See the YUI Blog's release announcement for more information.
This new version also includes the latest version of CKEditor (release announcement).