VWE-2016-2370
Return to current revision
General Differences
made the following changes
- removed the title prefix 'XSS'
- changed the title from 'Contrastive Vulnerability' to 'VWE-2016-2370'
- enabled HTML parsing with line-breaks
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Contrastive Vulnerability
| severity=High
| difficulty=Easy
| description=HTML/Javascript injection. Affects XenForo only.
| discover-date=April 15, 2016
| patch-date=April 15, 2016
| patches=4.0.10 Patch Level 1
4.0.9 Patch Level 1
4.0.8 Patch Level 3
4.0.7 Patch Level 4
4.0.6 Patch Level 7
4.0.5 Patch Level 7
4.0.4 Patch Level 7
| workaround=Update permissions so that no users can view the history of any page.
[/template]