XenForo Software Allows Attackers to Redirect Users to Fake Sites

CVE-2024-58342
Summary

XenForo software versions 2.2.17 and earlier, as well as 2.3.1, can be made to redirect users to any website through a specially crafted URL. This could trick users into visiting fake or malicious sites. To protect your users, update to the latest version of XenForo immediately.

Original title
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect ...
Original description
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using crafted URLs containing newlines, user credentials, or host mismatches.
NVD CVSS 3.1: 6.3
NVD CVSS 4.0: 5.3
Vulnerability type
CWE-601 Open Redirect
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026
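
The original description names three ways a redirect target can slip past validation: newlines, user credentials, and host mismatches. The following is an added example of a strict redirect-target check covering those three cases; it is not XenForo's code or its fix, and the function name `safe_redirect_target()`, the `$allowedHost` parameter and all host names are hypothetical.

```php
<?php
// Added example: not XenForo's code. safe_redirect_target() and the host
// names below are hypothetical / constructed for illustration.

function safe_redirect_target(string $target, string $allowedHost, string $fallback = '/'): string
{
    // Newlines, other control characters, spaces and backslashes have no
    // place in a redirect target; reject before any URL parsing happens.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }

    // Site-local path: exactly one leading slash ("//host" is protocol-relative).
    if ($target[0] === '/') {
        return strncmp($target, '//', 2) === 0 ? $fallback : $target;
    }

    // Anything else must be an absolute http(s) URL on the allowed host.
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // Embedded credentials ("user:pass@") make the real host easy to misread.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    // Host mismatch: compare the parsed host, case-insensitively, to the allowed one.
    if (strcasecmp($parts['host'], $allowedHost) !== 0) {
        return $fallback;
    }
    return $target;
}

// Constructed sample inputs; only the first two should pass.
$samples = [
    '/threads/welcome.1/',
    'https://forum.example.test/account/',
    "https://forum.example.test/\nhttps://other.example/",
    'https://forum.example.test@other.example/',
    'https://other.example/forum.example.test',
    '//other.example/',
];
foreach ($samples as $s) {
    $result = safe_redirect_target($s, 'forum.example.test');
    echo json_encode($s), ' => ', $result, PHP_EOL;
}
```

Rejected targets fall back to `/` rather than being "cleaned up", so a parser disagreement between the server and the browser cannot turn a partially sanitised value into an external redirect.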