Post-authenticated stored XSS in XenForo versions ≤ 2.2.7
CVE-2021-43032: In XenForo ≤ 2.2.7, a threat actor with access to the admin panel can save cross-site scripting payloads in any function within the application that accepts HTML code. A payload placed within the 'Advertising' functionality will execute globally on the client side, allowing for multiple exploitation scenarios, whereas other payloads will execute on t