Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
XenForo shared systems may expose user info to others on the same computer
CVE-2025-71280
Summary
If multiple people share a computer or browser, sensitive user information may be visible to others. This is because the information is stored in the browser cache. To fix this, update XenForo to version 2.3.7 or later.
Original title
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose se...
Original description
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users.
nvd CVSS3.1
6.2
nvd CVSS4.0
6.9
Vulnerability type
CWE-200
Information Exposure
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026