Security Advisory

CVE-2026-35054

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-01 00:30:12

Last updated 2026-05-24 01:37:46

Assigner VulnCheck

State PUBLISHED

Description

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.

← Browse all CVEs View on cve.org ↗