PT-2026-29432 · Xenforo · Xenforo
Metho · Published 2026-04-01 · Updated 2026-04-01 · CVE-2026-35057
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
XenForo versions prior to 2.3.10 and prior to 2.2.19
Description
XenForo is susceptible to stored cross-site scripting (XSS) within structured text mentions, primarily impacting legacy profile post content. An attacker can inject malicious scripts through crafted mentions. These malicious scripts are stored and executed when other users view the affected content.
Recommendations
Update to XenForo version 2.3.10 or later.
Update to XenForo version 2.2.19 or later.
Exploit
Fix
XSS
Affected Products
Xenforo