A vulnerability was found in YAFNET YetAnotherForum.NET up to 3.2.11/4.0.4 . It has been declared as problematic . The impacted element is the function FormatStackTrace of the file YAFNET.Core/Logger/DbLogger.cs . Executing a manipulation of the argument UserAgent can lead to cross site scripting. This vulnerability is registered as CVE-2026-43938 . It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.