NextGuard
UNKNOWNCVE-2026-35054

XenForo Stored Cross-Site Scripting via BB Code Rendering

Platform

php

Component

xenforo

Fixed in

2.3.9

View on NVD

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.

How to fix

Actualice XenForo a la versión 2.3.9 o superior. Esta versión contiene una corrección para la vulnerabilidad XSS. La actualización se puede realizar a través del panel de administración de XenForo.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-35054 — Vulnerability Details | NextGuard | NextGuard