XenForo Releases

Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

Submitted by Deadboy, , Thread ID: 32662

Thread Closed
17-04-2017, 10:23 PM
#1
There is a stored XSS Vulnerability affecting the alert system for XenForo CMS. It allows an authenticated attacker
to create specialized payloads that are highly flexible in terms of who they want to target. It also allows an
attacker to replace the contents of the index page despite this not being possible via regular admin access. Payloads
can be 'timed', meaning that an attackers code can execute even AFTER they've lost access to their account with privs.


Content locked
This content has been locked. Please login or register in order to unlock it.

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#2
this is real i really wanted to exploit websites

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#3
Hmm, I will see what I will be able to do. Thanks for fun man :D

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#4
Absolutely recommended add-on with a lot of helpful features, works perfectly for me. I received incredible support from the author, thank you very much for this. Keep up the great work, au lait! Smile

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#5
Has this been fixed?

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#6
You're the best. thanks for leaking this source

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#7
nice i will look forward to it

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#8
really need this thanks

RE: Xenforo Vulnerability [PERSISTENT XSS] [0DAY]

#9
The first line reads "This is a low impact bug due to the fact that a mod/admin account is required on the forums in order to trigger the vulnerability" so it's not worth it!
Cool People:
Aoki, Aurora, fdigl, Faded, v4hl, EMO

Users browsing this thread: 2 Guest(s)