According to a recent security update shared on XenForo forums, the service addressed numerous security vulnerabilities with the latest XenForo release.
As stated, the vulnerabilities included a cross-site request forgery (CSRF) and code injection flaw that could lead to remote code execution and cross-site scripting (XSS) attacks.
XenForo credited the security researcher Egidio Romano for reporting most of these flaws via SSD Secure Disclosure. While the firm didn’t share details about the vulnerabilities in its post, SSD Secure Disclosure shared a detailed analysis in a separate advisory. These vulnerabilities include CVE-2024-38457 – a CSRF vulnerability, and CVE-2024-38458 – a remote code execution flaw.
https://xenforo.com/community/threa...-2-6-released-includes-security-fixes.222133/
As stated, the vulnerabilities included a cross-site request forgery (CSRF) and code injection flaw that could lead to remote code execution and cross-site scripting (XSS) attacks.
XenForo credited the security researcher Egidio Romano for reporting most of these flaws via SSD Secure Disclosure. While the firm didn’t share details about the vulnerabilities in its post, SSD Secure Disclosure shared a detailed analysis in a separate advisory. These vulnerabilities include CVE-2024-38457 – a CSRF vulnerability, and CVE-2024-38458 – a remote code execution flaw.
https://xenforo.com/community/threa...-2-6-released-includes-security-fixes.222133/
Welcome to Admin Junkies