Xenforo

Xenforo

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-38457

Exploit
  • EPSS 6.56%
  • Published 16.06.2024 15:15:51
  • Last modified 21.11.2024 09:25:56

Xenforo before 2.2.16 allows CSRF.

8.8

CVE-2024-38458

Exploit
  • EPSS 0.15%
  • Published 16.06.2024 15:15:51
  • Last modified 21.11.2024 09:25:56

Xenforo before 2.2.16 allows code injection.

8.1

CVE-2024-25006

  • EPSS 0.3%
  • Published 29.02.2024 01:44:14
  • Last modified 08.05.2025 22:45:31

XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.

4.8

CVE-2021-43032

Exploit
  • EPSS 3.82%
  • Published 03.11.2021 20:15:09
  • Last modified 21.11.2024 06:28:33

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.