The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6191 Related Report None Severity HIGH Exploit Difficulty EASY Platform XenForo 2.x Description Permissions Escalation and Data Loss. Some edits do not preserve existing custom field values from the previous edit. This is most common for edits generated from outside the Edit tab, such as mass edits. Within the Edit tab, when a user who does not have permission to change any custom field for a page edits that page, the unpermitted custom fields may be changed to a blank value. Does not affect Lite versions.
Discovered August 8, 2021 Resolved September 14, 2021 Patches Available 4.1.2 Patch Level 2
4.1.1 Patch Level 7
4.1.0 Patch Level 9
This page has been seen 176,667 times.
-
-
Created by on
-