CVE-2026-35055

CVSS v3.1

6.1

Medium

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-35055

Affected Products

Xenforo

CVE-2026-35055

Weakness Enumeration

Related Identifiers

Affected Products

References · 3