VWE-2019-5241

This page is a chapter in Info Known Vulnerabilities

Common Name None
VWE-ID VWE-2019-5241
Related Report None
Severity LOW
Exploit Difficulty Difficult
Platform XenForo 2.x
Description Permissions Escalation. Users can view the output of certain sidebar-type WIDGET BB-Codes without permission, as long as they have permission to view output of a specific other sidebar-type widget, which varies from case to case. Does not affect Lite versions.

Discovered May 10, 2019
Resolved June 7, 2019
Patches Available 4.1.0 Beta 2
Workaround In the forum's BB-Code Manager, disable the WIDGET BB-Code.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

This page has been seen 289,135 times.

- Created by
  pegasus
  
  View Public Profile
  
  Show contributions to this page
  
  Send a private message to pegasus
  
  Visit pegasus's homepage!
  on October 12, 2019

Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

VWE-2019-5241

Users Browsing This Page (0 members, 1 guests)

Common Name	None
VWE-ID	VWE-2019-5241
Related Report	None
Severity	LOW
Exploit Difficulty	Difficult
Platform	XenForo 2.x
Description	Permissions Escalation. Users can view the output of certain sidebar-type WIDGET BB-Codes without permission, as long as they have permission to view output of a specific other sidebar-type widget, which varies from case to case. Does not affect Lite versions.
Discovered	May 10, 2019
Resolved	June 7, 2019
Patches Available	4.1.0 Beta 2
Workaround	In the forum's BB-Code Manager, disable the WIDGET BB-Code.

Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

Sub-Categories of VWE-2019-5241

#

XSS 4.1.0 Alpha 1

XSS 4.1.0 Alpha 2

XSS 4.1.0 Alpha 3

# (cont.)

XSS 4.1.0 Beta 1

Users Browsing This Page (0 members, 1 guests)