VWE-2017-4266 Viewing Source [template]Vulnerability | cve= | aka= | severity=Extreme | difficulty=Easy | description=Denial of Service. A malicious user can balloon the size of the CSS cache at will. | discover-date=November 5, 2017 | patch-date=December 1, 2017 | patches=4.0.20 Patch Level 1 4.0.19 Patch Level 4 4.0.18 Patch Level 5 4.0.17 Patch Level 7 4.0.16 Patch Level 8 4.0.15 Patch Level 12 | workaround=[/template] [h=3]Notes[/h] We discovered a similar issue in XenForo 1.x and 2.x at the same time. We reported the issue to XenForo developers, and it is fixed in XenForo 1.5.16 and 2.0.0, respectively. 602 characters