Xenforo: Security Vulnerabilities
Xenforo before 2.2.16 allows CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-06-16
Xenforo before 2.2.16 allows code injection.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-06-16
XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.
CVSS Score
8.1
EPSS Score
0.003
Published
2024-02-29
In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.
CVSS Score
4.8
EPSS Score
0.038
Published
2021-11-03