
Xenforo

Vendor: Xenforo • 14 CVEs

CVEs (14)

Each entry below gives: vendors, products, updated date, published date, CVSS score (v4 / v3 / v2), then the description.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 5.1 MEDIUM (v4), 5.4 MEDIUM (v3), N/A (v2)
XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 8.6 HIGH (v4), 7.2 HIGH (v3), N/A (v2)
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 5.1 MEDIUM (v4), 6.1 MEDIUM (v3), N/A (v2)
XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 5.1 MEDIUM (v4), 5.4 MEDIUM (v3), N/A (v2)
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 8.7 HIGH (v4), 7.5 HIGH (v3), N/A (v2)
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 8.7 HIGH (v4), 9.8 CRITICAL (v3), N/A (v2)
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 6.9 MEDIUM (v4), 5.5 MEDIUM (v3), N/A (v2)
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 9.3 CRITICAL (v4), 9.8 CRITICAL (v3), N/A (v2)
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 8.7 HIGH (v4), 8.8 HIGH (v3), N/A (v2)
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Apr 1, 2026 | Published: Apr 1, 2026 | CVSS: 5.3 MEDIUM (v4), 6.1 MEDIUM (v3), N/A (v2)
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host mismatches.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Nov 21, 2024 | Published: Jun 16, 2024 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Xenforo before 2.2.16 allows code injection.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Nov 21, 2024 | Published: Jun 16, 2024 | CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Xenforo before 2.2.16 allows CSRF.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Jun 17, 2026 | Published: Feb 29, 2024 | CVSS: N/A (v4), 8.1 HIGH (v3), N/A (v2)
XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.
Vendors: Xenforo (1) | Products: Xenforo (1) | Updated: Jun 17, 2026 | Published: Nov 3, 2021 | CVSS: N/A (v4), 4.8 MEDIUM (v3), 3.5 LOW (v2)
In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.