VWE-2017-4138 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-4138
This page is a chapter in Info Known Vulnerabilities

This page has been seen 177,158 times.

- Created by
  pegasus
  on October 17, 2017
  
  Last updated by
  pegasus
  on April 8, 2018

Common Name None
VWE-ID VWE-2017-4138
Related Report #5260
Severity Extreme
Exploit Difficulty Difficult
Platform XenForo
Description CAN-SPAM Compliance. Affects add-ons with email templates that do not define plain-text email contents.

Discovered October 2, 2017
Resolved October 15, 2017
Patches Available 4.0.19 Patch Level 3
4.0.18 Patch Level 4
4.0.17 Patch Level 6
4.0.16 Patch Level 7
4.0.15 Patch Level 11
Workaround Manually define compliant plain-text variants for all email templates.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2017-4138
Related Report	#5260
Severity	Extreme
Exploit Difficulty	Difficult
Platform	XenForo
Description	CAN-SPAM Compliance. Affects add-ons with email templates that do not define plain-text email contents.
Discovered	October 2, 2017
Resolved	October 15, 2017
Patches Available	4.0.19 Patch Level 3 4.0.18 Patch Level 4 4.0.17 Patch Level 6 4.0.16 Patch Level 7 4.0.15 Patch Level 11
Workaround	Manually define compliant plain-text variants for all email templates.