Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

There is a stored XSS Vulnerability affecting the alert system for XenForo CMS. It allows an authenticated attacker
to create specialized payloads that are highly flexible in terms of who they want to target. It also allows an
attacker to replace the contents of the index page despite this not being possible via regular admin access. Payloads
can be 'timed', meaning that an attackers code can execute even AFTER they've lost access to their account with privs.

this is real i really wanted to exploit websites

Hmm, I will see what I will be able to do. Thanks for fun man :D

Absolutely recommended add-on with a lot of helpful features, works perfectly for me. I received incredible support from the author, thank you very much for this. Keep up the great work, au lait!

Has this been fixed?

You're the best. thanks for leaking this source

nice i will look forward to it

really need this thanks

The first line reads "This is a low impact bug due to the fact that a mod/admin account is required on the forums in order to trigger the vulnerability" so it's not worth it!