PT-2025-51942 · Xenforo · Xenforo
Furkan Karaarslan
·
Published
2025-12-17
·
Updated
2025-12-20
·
CVE-2023-53904
CVSS v3.1
4.6
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Xenforo version 2.2.13
Description
The software contains a stored cross-site scripting (XSS) vulnerability. An authenticated administrator with access to smilie management in the admin control panel can store a script payload in the smilie category title. Because the stored title is rendered without adequate output encoding, the payload executes in the browser of any administrator who loads the affected admin panel page, which enables further client-side attacks such as issuing requests to the admin control panel with the victim's session. The vulnerable parameter is the smilie category title.
Recommendations
Update to a version of XenForo that contains a fix for this vulnerability. As a temporary workaround, validate the smilie category title on input (a category name never legitimately contains HTML markup) and, more importantly, HTML-encode it wherever it is rendered in the admin panel; until the upgrade is applied, limit the permission to manage smilies to trusted administrators, and review existing category titles for stored payloads, since a template fix does not remove data already in the database.
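The rendering pattern behind this class of bug and its fix, as an added example that is not XenForo's code: a hypothetical admin-panel row renderer that concatenates the stored title (vulnerable) beside one that HTML-encodes it at the output boundary, plus a small sweep that flags stored titles containing markup, useful after upgrading because patching the template does not remove payloads already stored. All function names and the sample category data are constructed for illustration.

```javascript
// Added example, not XenForo code. Hypothetical renderer for an admin-panel
// list of smilie categories, shown in vulnerable and hardened form.

// Constructed sample: a category title carrying a script payload, as an
// administrator with smilie-management access might submit it.
const PAYLOAD_TITLE = 'Funny<script>document.title="pwned"</script>';

// Minimal HTML entity encoder for element text and double-quoted attribute
// values (the same contextual encoding PHP's htmlspecialchars() performs).
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable rendering: the stored title is concatenated straight into the
// markup, so any tags or attribute-breaking quotes it contains become live HTML.
function renderCategoryRowVulnerable(category) {
  return `<tr data-title="${category.title}"><td>${category.title}</td></tr>`;
}

// Hardened rendering: encode at the output boundary, in every context the
// value lands in (an attribute value and a text node here).
function renderCategoryRowSafe(category) {
  const t = escapeHtml(category.title);
  return `<tr data-title="${t}"><td>${t}</td></tr>`;
}

// Triage helper: flag stored titles that contain a tag or an inline event
// handler, neither of which a category name ever needs.
function containsMarkup(title) {
  return /<\s*\/?\s*[a-z][^>]*>/i.test(title) || /on\w+\s*=/i.test(title);
}

// Returns the ids of categories whose titles should be reviewed or cleaned.
function findSuspiciousTitles(categories) {
  return categories.filter((c) => containsMarkup(c.title)).map((c) => c.id);
}

// Constructed sample table of stored smilie categories. Entry 4 shows an
// attribute-context payload that breaks out of a double-quoted attribute.
const SAMPLE_CATEGORIES = [
  { id: 1, title: 'Smileys' },
  { id: 2, title: PAYLOAD_TITLE },
  { id: 3, title: 'Tom & Jerry' },
  { id: 4, title: '" onmouseover="alert(1)' },
];

console.log('vulnerable:', renderCategoryRowVulnerable(SAMPLE_CATEGORIES[1]));
console.log('hardened:  ', renderCategoryRowSafe(SAMPLE_CATEGORIES[1]));
console.log('review ids:', findSuspiciousTitles(SAMPLE_CATEGORIES));
```

The fix is output encoding, not input filtering alone: the encoder must match the context the value is written into, and the sweep catches payloads that were stored before the template was corrected.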
Affected Products
Xenforo