VWE-2015-1601
Return to current revision
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Cross-Template Vulnerability
| difficulty=Hard
| description=Randomly successful HTML/Javascript injection (success rate: ~1/50000 uncached page views). Affects XenForo only.
| discover-date=October 2, 2015
| patch-date=October 4, 2015
| patches=4.0.6 Patch Level 1
4.0.5 Patch Level 1
4.0.4 Patch Level 1
4.0.3 Patch Level 2
4.0.2 Patch Level 5
4.0.1 Patch Level 8
4.0.0 Patch Level 7
4.0.0 RC 5 Patch Level 6
4.0.0 RC 4 Patch Level 7 -
-
| workaround= -
+
| workaround=Disable the Template content-type via the Wiki Admin Panel. -
[/template]