The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name: Cross-Template Vulnerability
VWE-ID: VWE-2015-1601
Related Report: None
Severity: HIGH
Exploit Difficulty: Difficult
Platform: XenForo
Description: Randomly successful HTML/JavaScript injection (success rate: ~1/50000 uncached page views). Does not affect Lite versions.
Discovered: October 2, 2015
Resolved: October 4, 2015
Patches Available:
4.0.6 Patch Level 1
4.0.5 Patch Level 1
4.0.4 Patch Level 1
4.0.3 Patch Level 2
4.0.2 Patch Level 5
4.0.1 Patch Level 8
4.0.0 Patch Level 7
4.0.0 RC 5 Patch Level 6
4.0.0 RC 4 Patch Level 7
Workaround: Disable the Template content-type via the Wiki Admin Panel.