VWE-2015-1601
Return to current revision
General Differences
made the following changes
- removed the title prefix 'XSS'
- changed the title from 'Cross-Template Vulnerability' to 'VWE-2015-1601'
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Cross-Template Vulnerability
| severity=High
| difficulty=Hard
| description=Randomly successful HTML/Javascript injection (success rate: ~1/50000 uncached page views). Affects XenForo only. Does not affect Lite versions.
| discover-date=October 2, 2015
| patch-date=October 4, 2015
| patches=4.0.6 Patch Level 1
4.0.5 Patch Level 1
4.0.4 Patch Level 1
4.0.3 Patch Level 2
4.0.2 Patch Level 5
4.0.1 Patch Level 8
4.0.0 Patch Level 7
4.0.0 RC 5 Patch Level 6
4.0.0 RC 4 Patch Level 7
| workaround=Disable the Template content-type via the Wiki Admin Panel.
[/template]