CNNVD-202512-3165 Information

CNNVD ID

CNNVD-202512-3165

Related CVE

CVE-2023-53904

• CNNVD Published: 2025-12-17

Description (Chinese)

Xenforo是Xenforo公司的一个论坛软件。 Xenforo 2.2.13版本存在跨站脚本漏洞，该漏洞源于smilie类别标题参数清理不当，可能导致存储型跨站脚本攻击。

Description (English)

Xenforo is a forum software for Xenforo. Xenforo 2.2.13 has a cross-site script loophole, which stems from the improper clean-up of the title parameters of the Smilie category, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Xenforo

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/xenforo-authenticated-stored-cross-site-scripting-via-smilie-categories https://www.exploit-db.com/exploits/51547 https://xenforo.com/ https://access.redhat.com/security/cve/cve-2023-53904