VWE-2021-6343 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6343
This page is a chapter in Info Known Vulnerabilities

This page has been seen 103,888 times.

- Created by
  pegasus
  on December 1, 2021

Common Name None
VWE-ID VWE-2021-6343
Related Report #6278
Severity HIGH
Exploit Difficulty NORMAL
Platform XenForo 2.x
Description Denial of Service. A user can cause any page showing BB-Code content to render as a fatal error by leveraging a flaw in the WIDGET BB-Code's forum and thread renderers. Does not affect Lite versions.

Discovered November 29, 2021
Resolved December 1, 2021
Patches Available 4.1.3 Patch Level 1
4.1.2 Patch Level 4
4.1.1 Patch Level 9
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2021-6343
Related Report	#6278
Severity	HIGH
Exploit Difficulty	NORMAL
Platform	XenForo 2.x
Description	Denial of Service. A user can cause any page showing BB-Code content to render as a fatal error by leveraging a flaw in the WIDGET BB-Code's forum and thread renderers. Does not affect Lite versions.
Discovered	November 29, 2021
Resolved	December 1, 2021
Patches Available	4.1.3 Patch Level 1 4.1.2 Patch Level 4 4.1.1 Patch Level 9