Security Advisory

CVE-2026-28560

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-28 21:47:40

Last updated 2026-05-11 23:11:40

Assigner VulnCheck

State PUBLISHED

Description

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG flag. Attackers set a forum slug containing a closing script tag or unescaped single quote to break out of the JavaScript string context and execute arbitrary script in all visitors browsers.

← Browse all CVEs View on cve.org ↗