[RCESEC-2016-006] XenForo ToggleME 3.1.2 "/admin.php?options/list/toggleME" Multiple Persistent Cross-Site Scriptings

September 12, 2016 007admin

Posted by Julien Ahrens on Sep 12

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenForo ToggleME plugin
Vendor URL: https://xenforo.com/community/resources/toggleme.137/
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-09-06
Date published: 2016-09-11
CVSSv3 Score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N)
CVE: –

2. CREDITS
==========
This vulnerability was discovered…

007 Software

[RCESEC-2016-006] XenForo ToggleME 3.1.2 "/admin.php?options/list/toggleME" Multiple Persistent Cross-Site Scriptings

Software and Security Information