The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name Contrastive Vulnerability VWE-ID VWE-2016-2370 Related Report None Severity HIGH Exploit Difficulty EASY Platform XenForo Description HTML/Javascript injection.
Discovered April 15, 2016 Resolved April 15, 2016 Patches Available 4.0.10 Patch Level 1
4.0.9 Patch Level 1
4.0.8 Patch Level 3
4.0.7 Patch Level 4
4.0.6 Patch Level 7
4.0.5 Patch Level 7
4.0.4 Patch Level 7Workaround Update permissions so that no users can view the history of any page.
Sub-Categories of VWE-2016-2370
-
#
-
# (cont.)
-
# (cont.)