UNKNOWNCVE-2026-35057
XenForo Stored Cross-Site Scripting via Structured Text Mentions
Platform
php
Component
xenforo-2-xss
Fixed in
2.3.10
XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content.
How to fix
Actualice XenForo a la versión 2.3.10 o 2.2.19, o posterior, para corregir la vulnerabilidad XSS. Esto evitará que los atacantes inyecten scripts maliciosos a través de menciones en el texto estructurado.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free