Vulnerabilities for 'Vanilla forums'

2021-06-22
 
CVE-2010-4264

CWE-79
 

 
A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10, where a filename could contain arbitrary code to execute on the client side.

 
 
CVE-2010-4266

CWE-601
 

 
A potential linkbait vulnerability was found in the dispatcher in Vanilla Forums before 2.0.10.

 
2020-02-05
 
CVE-2011-1009

CWE-79
 

 
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.

 
2019-03-01
 
CVE-2019-8279

CWE-79
 

 
Multiple stored XSS vulnerabilities in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on the forum.

 
2018-08-26
 
CVE-2018-15833

CWE-20
 

 
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

 
2018-01-02
 
CVE-2017-1000432

CWE-352
 

 
Vanilla Forums below 2.1.5 are affected by CSRF leading to deletion of topics and comments from forums (admin access).

 
2017-05-23
 
CVE-2016-10073

CWE-200
 

 
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.

 
2015-02-25
 
CVE-2014-9685

 

 
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2013-05-10
 
CVE-2013-3528

CWE-noinfo
 

 
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."

 
 
CVE-2013-3527

 

 
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

 


Copyright 2024, cxsecurity.com

 
