VWE-2015-1601
Return to current revision
Current Revision
April 8, 2018, 11:42 PM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Cross-Template Vulnerability
| severity=High
| difficulty=Hard -
-
| description=Randomly successful HTML/Javascript injection (success rate: ~1/50000 uncached page views). Affects XenForo only. Does not affect Lite versions. -
+
| description=Randomly successful HTML/Javascript injection (success rate: ~1/50000 uncached page views).
| platform=XF
| lite=no -
| discover-date=October 2, 2015
| patch-date=October 4, 2015
| patches=4.0.6 Patch Level 1
4.0.5 Patch Level 1
4.0.4 Patch Level 1
4.0.3 Patch Level 2
4.0.2 Patch Level 5
4.0.1 Patch Level 8
4.0.0 Patch Level 7
4.0.0 RC 5 Patch Level 6
4.0.0 RC 4 Patch Level 7
| workaround=Disable the Template content-type via the Wiki Admin Panel.
[/template]