XenForo extends thanks to Thomas Schneider for identifying the issue.
The issue is an XSS vulnerability. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.
Applying a Fix: Upgrading
You may upgrade to 2.0.9 to fix this issue. You should upgrade as you would to any other release.
Customers with an active license may download 2.0.9 from their
Applying a Fix: Patching
Alternatively, this issue can be fixed by applying the patch in the attached file. You should simply overwrite the following file with the version attached to this message: