The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6087 Related Report None Severity MEDIUM Exploit Difficulty NORMAL Platform XenForo 2.x Description Denial of Service. A malicious editor can use specially crafted WIDGET BB-Code "sidebar" variants to cause any page they can edit to resolve as a fatal error. Does not affect Lite versions.
Discovered May 1, 2021 Resolved May 3, 2021 Patches Available 4.1.1 Patch Level 4
4.1.0 Patch Level 6
4.1.0 RC 3 Patch Level 8
This page has been seen 580 times.