XenForo 1.4.9 Cross Site Scripting
Posted on 27 July 2015
[+] Credits: snop.
[+] Domains: rabbitz.org

Vulnerability Type:
===================
XSS

Vendor:
===================
www.xenforo.com

Product:
=====================================================================
XenForo <= 1.4.9

A compelling community experience. Intuitive. Social. Engaging. Fast. XenForo brings a fresh outlook to forum software.

Advisory Information:
====================================================
Reflected Cross Site Scripting Vulnerability:

Vulnerability Details:
=====================
No user account required.
------------------------------------
vulnerable URL: https://website/community/register/validate-field
vulnerable POST parameter: 'name='

Severity Level:
=========================================================
High