Open Redirect in Xenforo
CVE-2024-58342
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect users to arbitrary external sites using cr…
Vulnerability class: Open Redirect
EPSS: 0.000 (9.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.
Affected products
- Xenforo — versions 0, 2.3.0
Weakness classification (CWE)
References
- XenForo 2.2.17 Released (Security Fix) (vendor-advisory, patch)
- VulnCheck Advisory: XenForo Open Redirect via getDynamicRedirect (third-party-advisory)
Frequently asked questions
- What is CVE-2024-58342?
- CVE-2024-58342 is a medium-severity vulnerability in Xenforo, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.3/10. Published 2026-04-01.
- How severe is CVE-2024-58342?
- Medium severity. CVSS v3 base score is 6.3 out of 10.