There is a stored XSS vulnerability affecting the alert system for XenForo CMS. It allows an authenticated attacker
to create specialized payloads that are highly flexible in terms of who they want to target. It also allows an
attacker to replace the contents of the index page despite this not being possible via regular admin access. Payloads
can be 'timed', meaning that an attacker's code can execute even AFTER they've lost access to their account with privs.
Xenforo Vulnerability [PERSISTENT XSS] [0DAY]
Submitted by Deadboy, 17-04-2017, 10:23 PM, Thread ID: 32662
Thread Closed