PT-2026-29411 · Xenforo · Xenforo

Jake B +2 · Published 2026-04-01 · Updated 2026-04-01 · CVE-2024-58342

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

XenForo versions prior to 2.2.17 and prior to 2.3.1

Description

XenForo is susceptible to an open redirect issue. The getDynamicRedirect() function does not properly validate the redirect target. This allows attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host mismatches.

Recommendations

Update to XenForo version 2.2.17 or later. Update to XenForo version 2.3.1 or later.
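
The three input classes named in the description (newlines, embedded credentials, host mismatch), written as checks in a redirect-target validator. This is an added example, not XenForo's code or its patch; `safeRedirectTarget()`, the board host `forum.example` and the sample URLs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns $target only if it stays on $boardHost, else $fallback.
function safeRedirectTarget(string $target, string $boardHost, string $fallback = '/'): string
{
    // Control characters, spaces and backslashes are rejected outright: browsers
    // strip or normalise them, so the URL parsed here may not be the URL followed.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback;
    }
    // user:pass@ makes the text before "@" look like the host to a human reader.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // Relative target: accept only a single-slash absolute path.
        $isLocalPath = $target[0] === '/' && substr($target, 0, 2) !== '//';
        return $isLocalPath ? $target : $fallback;
    }
    // Absolute or scheme-relative target: http(s) only, host must equal the board host.
    $scheme = strtolower($parts['scheme'] ?? 'https');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $fallback;
    }
    if (!isset($parts['host']) || strcasecmp($parts['host'], $boardHost) !== 0) {
        return $fallback;
    }
    return $target;
}

// Constructed sample inputs; forum.example is the assumed board host.
$samples = [
    '/threads/welcome.1/',                           // local path: kept
    'https://forum.example/account/',                // same host: kept
    "https://forum.example/\nhttps://evil.example/", // newline: fallback
    'https://forum.example@evil.example/',           // credentials: fallback
    'https://forum.example.evil.example/',           // host mismatch: fallback
    '//evil.example/login',                          // scheme-relative, other host: fallback
    'https://evil.example\@forum.example/',          // backslash: fallback
    'javascript:alert(1)',                           // non-http scheme: fallback
];
foreach ($samples as $t) {
    printf("%-52s => %s\n", json_encode($t, JSON_UNESCAPED_SLASHES), safeRedirectTarget($t, 'forum.example'));
}
```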

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2024-58342

Affected Products

Xenforo