XenForo 1.4.8 Released

Releases XenForo 1.4.8 Released 1.4.8

Register & Get access to index
Untitled.png


Today, we are releasing XenForo 1.4.8. This release addresses two potential security vulnerabilities and fixes a number of bugs found since the release of 1.4.7. We recommend that all customers running XenForo 1.4 upgrade to 1.4.8 or use the attached patch file as soon as possible.

The two security issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.
  • In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves).
  • In the filter list system in the admin control panel, dynamic highlighting when filtering did not escape output properly, potentially triggering an XSS against the user viewing the page.
  • Like
  • Love
Reactions: kirk and Frasier
Author
XenForo
Views
First release
Last update
Rating
4.50 star(s) 2 ratings

More resources from XenForo

Latest updates

  1. XenForo 1.4.8 Released (Includes Security Fix)

    Today, we are releasing XenForo 1.4.8. This release addresses two potential security...

Latest reviews

Woow thanks
Back
Top Bottom