VWE-2016-2064 Viewing Source [template]Vulnerability | cve= | aka=Greedy Widget Vulnerability | severity=Extreme | difficulty=Easy | description=Denial of service amplification. | platform=XF1 | lite=no | discover-date=February 1, 2016 | patch-date=February 9, 2016 | patches=4.0.8 Patch Level 2 4.0.7 Patch Level 3 4.0.6 Patch Level 6 4.0.5 Patch Level 6 4.0.4 Patch Level 6 4.0.3 Patch Level 6 4.0.2 Patch Level 9 | workaround=In your forum software's BB-Code Manager, disable parsing of the BB-Code with unique identifier "vw_widget_tag," "vw_forumindex_tag," "vw_bookindex_tag," and "vw_showthreads_tag." [/template] [h=3]Notes[/h] Further investigation of the related [wiki]VWE-2022-6469[/wiki] in 2024 revealed that this issue only affected XenForo 1.x platforms, though at the time it was implied to affect all platforms. 819 characters