CVE-2025-71280

Medium CVSS: 6.9

XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.

Vendor

Xenforo

Product

Xenforo

CWE

CWE-200

Yayın Tarihi

2026-04-01 01:16:40

Güncelleme

2026-04-01 18:52:12

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-200 Xenforo MEDIUM Xenforo 2026

Referanslar

https://www.vulncheck.com/advisories/xenforo-local-account-page-caching-information-disclosure https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/

Benzer Kayıtlar

Medium

CVE-2026-35054

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can in…

Medium

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. A…

High

CVE-2026-35056

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users.…

Medium

CVE-2026-35057

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions,…

High

CVE-2025-71278

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using O…

Critical

CVE-2025-71279

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may…