VWE-2020-5943

[template]Vulnerability
| aka=
| severity=Medium
| difficulty=Easy
| description=Denial of Service. A sanitization issue in AJAX-submitted input allows invalid UTF-8 characters to pass verification, and could result in the prevention of moderator access to XenForo 2.x's approval queue if it contains affected content. The underlying sanitization issue has existed since 4.0.0 Gamma 6 and exists on all platforms; however, the code was never used on XenForo-based platforms in the VaultWiki 4.0.x series. The issue has been exploited in the wild as early as June 2017 on vBulletin-based platforms. The malicious effect can only be realized in the following situations:
[list]
[*]vBulletin installations, running VaultWiki 4.0.0 Gamma 6 or higher when exploited, if that installation converts to XenForo 1.x running VaultWiki, and later converts to XenForo 2.x running VaultWiki.
[*]XenForo installations, running VaultWiki 4.1.x or higher when exploited, if that installation now runs XenForo 2.x
[/list]
| platform=
| lite=
| issueid=
| discover-date=October 7, 2020
| patch-date=November 8, 2020
| patches=4.1.0 Patch Level 2
4.1.0 RC 3 Patch Level 4
4.1.0 RC 2 Patch Level 5
4.1.0 RC 1 Patch Level 6
4.0.28 Patch Level 6
| workaround=
[/template]