CVE-2026-43939 YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output...

CVE-2026-43939 YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output...

Cross-site Scripting (XSS)

Overview YAFNET.Core is an Open Source Forum solution! The YAF.NET project is an international collaboration of like-minded, skilled, and creative individuals who are striving to make YAF.NET the most robust and malleable forum solutions available. Affected versions of this package are vulnerable...

CVE-2025-31118

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature viewtopic.php does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction,...