Jake B

Name of the Vulnerable Software and Affected Versions XenForo versions prior to 2.2.17 and prior to 2.3.1 Description XenForo is susceptible to an open redirect issue. The `getDynamicRedirect()` function does not properly validate the redirect target. This allows attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host mismatches. Recommendations Update to XenForo version 2.2.17 or later. Update to XenForo version 2.3.1 or later.