Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/12/17 10:44 p.m.20 views

CVE-2023-53904 Xenforo 2.2.13 Authenticated Stored Cross-Site Scripting via Smilie Categories

Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded,...

5.1CVSS0.00221EPSS
Exploits0References3
0day.today
0day.today
added 2024/01/31 12:0 a.m.426 views

XenForo 2.2.13 ArchiveImport.php Zip Slip Vulnerability

------------------------------------------------------------ XenForo zip; 201. $DS = \XF::$DS; 202. 203. if $this-extracted 204. 205. return; 206. 207. 208. for $i = 0; $i numFiles; $i++ 209. 210. $zipFileName = $zip-getNameIndex$i; 211. $fsFileName = $this-getFsFileNameFromZipName$zipFileName;...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.288 views

Xenforo 2.2.13 Cross Site Scripting

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Date: 2023-06-24 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/06/26 12:0 a.m.588 views

Xenforo Version 2.2.13 - Authenticated Stored XSS Vulnerability

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

7.1AI score
Exploits0
Rows per page
Query Builder