The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2019-5241 Related Report None Severity LOW Exploit Difficulty Difficult Platform XenForo 2.x Description Permissions Escalation. Users can view the output of certain sidebar-type WIDGET BB-Codes without permission, as long as they have permission to view output of a specific other sidebar-type widget, which varies from case to case. Does not affect Lite versions.
Discovered May 10, 2019 Resolved June 7, 2019 Patches Available 4.1.0 Beta 2 Workaround In the forum's BB-Code Manager, disable the WIDGET BB-Code.
This page has been seen 289,102 times.
-
-
Created by on
-