Xenforo Security Vulnerabilities and Issues — Xenforo CVE List

Lucene search

XenforoXenforo

4 matches found

CVE•added 2024/06/16 3:15 p.m.•53 views

CVE-2024-38458

Xenforo before 2.2.16 allows code injection.

8.8CVSS7.5AI score0.00205EPSS

CVE•added 2021/11/03 8:15 p.m.•51 views

CVE-2021-43032

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.

4.8CVSS4.9AI score0.03822EPSS

CVE•added 2024/06/16 3:15 p.m.•49 views

CVE-2024-38457

Xenforo before 2.2.16 allows CSRF.

8.8CVSS7AI score0.05344EPSS

CVE•added 2024/02/29 1:44 a.m.•33 views

CVE-2024-25006

XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.

8.1CVSS6.6AI score0.00297EPSS