CVE-2026-35057 in XenForoinformation

Résumé (Anglaise)

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions, primarily affecting legacy profile post content. An attacker can inject malicious scripts through crafted mentions that are stored and executed when other users view the content.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsable

VulnCheck

Réserver

01/04/2026

Divulgation

01/04/2026

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
354561	XenForo Mentions cross site scripting	79	Non défini	Correctif officiel	CVE-2026-35057

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!