UNKNOWNCVE-2026-35055
XenForo Cross-Site Scripting via Lightbox in Posts
Platform
php
Component
xenforo
Fixed in
2.3.9
XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. An attacker can inject malicious scripts that execute when users interact with post content displayed in the lightbox.
How to fix
Actualice XenForo a la versión 2.3.9 o 2.2.18 o superior. Esto solucionará la vulnerabilidad de Cross-Site Scripting (XSS) relacionada con el uso de lightbox en las publicaciones. La actualización se puede realizar a través del panel de administración de XenForo.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free