PT-2026-29429 · Xenforo · Xenforo
Antisocial
·
Published
2026-04-01
·
Updated
2026-04-01
·
CVE-2026-35054
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
XenForo versions prior to 2.3.9
Description
XenForo before version 2.3.9 is susceptible to stored cross-site scripting (XSS) due to issues in how BB code is processed. An attacker can inject malicious scripts using BB code. This code is then saved and executed when other users view the content, potentially compromising their accounts or data.
Recommendations
Update XenForo to version 2.3.9 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xenforo