Xenforo · Xenforo · CVE-2026-35054
Name of the Vulnerable Software and Affected Versions
XenForo versions prior to 2.3.9
Description
XenForo before version 2.3.9 is susceptible to stored cross-site scripting (XSS) due to issues in how BB code is processed. An attacker can inject malicious scripts using BB code. This code is then saved and executed when other users view the content, potentially compromising their accounts or data.
Recommendations
Update XenForo to version 2.3.9 or later.