Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Vanilla forums'
2021-06-22
CVE-2010-4264
CWE-79
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
CVE-2010-4266
CWE-601
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
2020-02-05
CVE-2011-1009
CWE-79
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
2019-03-01
CVE-2019-8279
CWE-79
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
2018-08-26
CVE-2018-15833
CWE-20
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
2018-01-02
CVE-2017-1000432
CWE-352
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
2017-05-23
CVE-2016-10073
CWE-200
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
2015-02-25
CVE-2014-9685
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2013-05-10
CVE-2013-3528
CWE-noinfo
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
CVE-2013-3527
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
Copyright
2024
, cxsecurity.com
Back to Top