There is a stored XSS Vulnerability affecting the alert system for XenForo CMS. It allows an authenticated attacker
to create specialized payloads that are highly flexible in terms of who they want to target. It also allows an
attacker to replace the contents of the index page despite this not being possible via regular admin access. Payloads
can be 'timed', meaning that an attackers code can execute even AFTER they've lost access to their account with privs.
XenForo Releases
Xenforo Vulnerability [PERSISTENT XSS] [0DAY]
Submitted by Deadboy, 17-04-2017, 10:23 PM, Thread ID: 32662
Thread Closed
RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY] 07-05-2017, 11:31 AM #2 this is real i really wanted to exploit websites
07-05-2017, 11:31 AM
#2 this is real i really wanted to exploit websites
RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY] 12-05-2017, 10:06 PM #3 Hmm, I will see what I will be able to do. Thanks for fun man :D
12-05-2017, 10:06 PM
#3 Hmm, I will see what I will be able to do. Thanks for fun man :D
RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY] 20-05-2017, 01:11 AM #4 Absolutely recommended add-on with a lot of helpful features, works perfectly for me. I received incredible support from the author, thank you very much for this. Keep up the great work, au lait! 
20-05-2017, 01:11 AM
#4 Absolutely recommended add-on with a lot of helpful features, works perfectly for me. I received incredible support from the author, thank you very much for this. Keep up the great work, au lait!
RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY] 29-05-2017, 03:55 AM #5 Has this been fixed?
29-05-2017, 03:55 AM
#5 Has this been fixed?
RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY] 03-07-2017, 07:31 PM #6 You're the best. thanks for leaking this source
03-07-2017, 07:31 PM
#6 You're the best. thanks for leaking this source
RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY] 20-07-2017, 02:30 AM #7 nice i will look forward to it
20-07-2017, 02:30 AM
#7 nice i will look forward to it
RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY] 07-08-2017, 10:46 PM #8 really need this thanks
07-08-2017, 10:46 PM
#8 really need this thanks