4 matches found
CVE-2026-43939
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output...
CVE-2026-43939 YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output...
CVE-2026-43939
Summary: CVE-2026-43939 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5 and 3.2.12, where thread posting/reply content is stored and later rendered without proper HTML sanitization or contextual encoding, enabling Stored XSS across the forum. The underlying issue is unsanitized user input in...
PT-2026-37310
Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 YetAnotherForum.NET YAF.NET versions prior to 3.2.12 Description The thread posting and reply feature allows user-supplied content to be stored server-side and rendered on the thread page...