Security Advisory

CVE-2023-53904

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-17 22:44:43

Last updated 2026-04-07 14:07:26

Assigner VulnCheck

State PUBLISHED

Description

Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded, potentially enabling further client-side attacks.

← Browse all CVEs View on cve.org ↗