Vulnerabilities > Xenforo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-16 | CVE-2024-38457 | Cross-Site Request Forgery (CSRF) vulnerability in Xenforo 2.2.7 Xenforo before 2.2.16 allows CSRF. | 8.8 |
| 2024-06-16 | CVE-2024-38458 | Code Injection vulnerability in Xenforo 2.2.7 Xenforo before 2.2.16 allows code injection. | 8.8 |
| 2021-11-03 | CVE-2021-43032 | Cross-site Scripting vulnerability in Xenforo 2.2.7 In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. | 4.8 |