The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2019-5266 Related Report #5779 Severity MEDIUM Exploit Difficulty NORMAL Platform XenForo 2.x Description Permissions Escalation. Users can use specially crafted BB-Codes and template parameters to circumvent area parser settings. Does not affect Lite versions.
Discovered May 31, 2019 Resolved June 7, 2019 Patches Available 4.1.0 Beta 2 Workaround In AdminCP > Wiki > Structures > Content Types, disable the Template type.
This page has been seen 288,855 times.
-
-
Created by on
-