Search Results | AttackerKB

Show filters

Topics 3 Users 9,707

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2024-38458

Disclosure Date: June 16, 2024 (last updated July 27, 2024)

Xenforo before 2.2.16 allows code injection.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2024-38457

Disclosure Date: June 16, 2024 (last updated July 27, 2024)

Xenforo before 2.2.16 allows CSRF.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-43032

Disclosure Date: November 03, 2021 (last updated November 28, 2024)

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.

Attack Vector: Network Privileges: High User Interaction: Required

0