CVE-2026-35054

CVSS v3.1

6.4

Medium

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-35054

Affected Products

Xenforo

CVE-2026-35054

Weakness Enumeration

Related Identifiers

Affected Products

References · 3