CVE-2026-35054

MEDIUM NVD

CVSS Score 6.4

Severity MEDIUM

Published Apr 01, 2026

Vendor unknown

Description

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content.

References

https://www.vulncheck.com/advisories/xenforo-stored-cross-site-scripting-via-bb-code-rendering
https://xenforo.com/community/threads/xenforo-2-3-9-inc-xfmg-2-2-18-released-security-fix.235659/