CVE-2026-35057 | XenForo up to 2.2.18/2.3.9 Mentions cross site scripting

A vulnerability labeled as problematic has been found in XenForo up to 2.2.18/2.3.9. This affects an unknown function of the component Mentions Handler. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-35057. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More