Security Advisory

CVE-2021-43032

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-03 19:54:44

Last updated 2024-08-04 03:47:13

Assigner mitre

State PUBLISHED

Description

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.

← Browse all CVEs View on cve.org ↗