CVE-2026-43938 | YAFNET YetAnotherForum.NET up to 3.2.11/4.0.4 DbLogger.cs FormatStackTrace UserAgent cross site scripting

Inserito da Angelo Barbosa | Mag 12, 2026 | CVE

A vulnerability was found in YAFNET YetAnotherForum.NET up to 3.2.11/4.0.4. It has been declared as problematic. The impacted element is the function FormatStackTrace of the file YAFNET.Core/Logger/DbLogger.cs. Executing a manipulation of the argument UserAgent can lead to cross site scripting.

This vulnerability is registered as CVE-2026-43938. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-43938 | YAFNET YetAnotherForum.NET up to 3.2.11/4.0.4 DbLogger.cs FormatStackTrace UserAgent cross site scripting

Post correlati

CVE-2025-15082 | TOZED ZLT M30s up to 1.47 Web Management Interface /reqproc/proc_post goformId information disclosure

CVE-2026-38669 | wCMS 1.4 New Blog cross site scripting

CVE-2025-23589 | ContentOptin Lite Plugin up to 1.1 on WordPress cross site scripting

CVE-2024-13510 | shopsite ShopSite Plugin up to 1.5.10 on WordPress cross-site request forgery