Xenforo vs vBulletin vs Invision - history of vulnerabilities (Xenforo the clear winner)

Interesting take!

I go by taste rather than looking up those stats.

Sniff test = if it is buggy the software stinks.

Xenforo usually passes the sniff test!
vB doesn't.
Invision is too buggy and doesn't.
 
The first one is already fixed and was shipped with 2.2.14 or .15.

The second one is absolutely not a valid vulnerability. Being able to edit advertising HTML is an as-designed feature. It's no secret that if you can edit HTML, you can insert scripts. And with advertising more than anything, we absolutely expect various scripts to be used here - how else would advertising ever be able to work?
 
An admin with access to editing forums can add scripts to forum descriptions too, and can close the forum and add the XSS scripts there too! 😮
 
When comparing vulnerabilities it's worth noting the actual payload e.g. vBulletin's worst data breach not only compromised forum users but also customer accounts including names, addresses, birth dates, security Q&As, email addresses, home page URLs, IM identities, IP addresses and passwords.
 
How recent was that?
 