This is an old revision of this page, as edited December 1, 2021, 11:24 PM by pegasus(contribs). It may differ significantly from the current revision.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6343 Related Report #6278 Severity HIGH Exploit Difficulty NORMAL Platform XenForo 2.x Description Denial of Service. A user can cause any page showing BB-Code content to render as a fatal error by leveraging a flaw in the WIDGET BB-Code's forum and thread renderers. Does not affect Lite versions.
Discovered October 30, 2021 Resolved December 1, 2021 Patches Available 4.1.3 Patch Level 1
4.1.2 Patch Level 4
4.1.1 Patch Level 9