• Register
    • Help

    striker  0 Items
    Currently Supporting
    • Home
    • News
      • VaultWiki News
      • Visit the Wiki
    • Forum
    • Wiki
    • Support
    • What's New?
    • Buy Now
    • Manual
    • 
    • Home
    • VaultWiki Security Update: February 2025

    1. Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

      VaultWiki allows your existing forum users to collaborate on creating and managing a site's content pages. VaultWiki is a fully-featured and fully-supported wiki solution for vBulletin and XenForo.

      The VaultWiki Team encourages you to join our community of forum administrators and check out VaultWiki for yourself.

    • VaultWiki Security Update: February 2025

      by
      pegasus
      • View Profile
      • View Forum Posts
      • View Blog Entries
      • Visit Homepage
      • View Articles
      Published on February 20, 2025 11:11 AM
      0 Comments Comments
      As of February 20, security patches for February 2025 are now available.

      Issue List

      VWE-2025-6644 is a Denial of Service issue, where a user can replace regular non-wiki content with a fatal error by posting a GALLERY tag. The issue affects VaultWiki 4.1.6 and higher, on vBulletin and XenForo 1.x platforms only.

      VWE-2025-6645 is a Permissions Escalation issue, where a sandbox break can occur while rendering a BB-Code tag with parsible advanced-style tag options, which generally applies to all BB-Code tags with advanced-style tag options, such as unfurlable URL tags, when used within a wiki template context. Such a tag's child content that should normally be unrendered according to sandbox rules may be unexpectedly rendered anyway. The issue affects all versions of the VaultWiki 4.1.x series, on XenForo 2.x platforms only.

      VWE-2025-6646 is an Upgrade issue, where initiating the upgrade process could trigger a fatal error. The issue affects VaultWiki 4.1.8 Patch Level 1, on XenForo 2.x platforms only.

      Patches

      The following patches address the aforementioned issues:
      • 4.1.8 Patch Level 2


      Notes

      We highly recommend that all users running VaultWiki in a production environment update to a patched release.
    • Contact Us
    • License Agreement
    • Privacy
    • Terms
    • Top
    All times are GMT -4. The time now is 1:49 PM.
    This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Learn more… Accept Remind me later
  • striker
    Powered by vBulletin® Version 4.2.5 Beta 2
    Copyright © 2025 vBulletin Solutions Inc. All rights reserved.
    Search Engine Optimisation provided by DragonByte SEO (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
    Copyright © 2008 - 2024 VaultWiki Team, Cracked Egg Studios, LLC.