Code InjectionCVE-2026-35054CVSS 6.4

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code...

GitHub Advisory Database · GitHub Security4/1/2026, 3:31:40 AM
View Original Source

Summary

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.

Tags

#xss

Metadata

Article ID
#480309
Source
GitHub Advisory Database
Scraped At
4/1/2026, 6:10:23 AM
URL Hash
aa47c28d79b5562d…