CVE-2024-58342

Medium CVSS: 5.3

XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host mismatches.

Vendor

Xenforo

Product

Xenforo

CWE

CWE-601

Yayın Tarihi

2026-04-01 01:16:39

Güncelleme

2026-04-01 18:54:10

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-601 Xenforo MEDIUM Xenforo 2026

Referanslar

https://www.vulncheck.com/advisories/xenforo-open-redirect-via-getdynamicredirect https://xenforo.com/community/threads/xenforo-2-2-17-released-security-fix.227797/

Benzer Kayıtlar

Medium

CVE-2026-35054

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can in…

Medium

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. A…

High

CVE-2026-35056

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users.…

Medium

CVE-2026-35057

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions,…

High

CVE-2025-71278

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using O…

Critical

CVE-2025-71279

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may…