Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Vanilla'
2020-02-10
CVE-2020-8825
CWE-79
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
2020-01-22
CVE-2011-3614
NVD-CWE-Other
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
CVE-2011-3613
CWE-200
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
2018-11-23
CVE-2018-19499
CWE-502
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
2018-09-03
CVE-2018-16410
CWE-89
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
2017-05-23
CVE-2016-10073
CWE-200
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
2011-09-23
CVE-2011-3812
CWE-200
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
>>>
Vendor:
Vanillaforums
2
Products
Vanilla forums
Vanilla
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Vanilla' 