VYPR

Vanilla Forums

by Vanilla Forums

Source repositories

CVEs (10)

  • CVE-2016-10073HigMay 23, 2017
    risk 0.58cvss 7.5epss 0.84

    The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.

  • CVE-2017-1000432HigJan 2, 2018
    risk 0.55cvss 8.0epss 0.02

    Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access

  • CVE-2012-6557May 23, 2013
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6)…

  • CVE-2014-9685Feb 25, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-3528May 10, 2013
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."

  • CVE-2013-3527May 10, 2013
    risk 0.00cvss epss 0.04

    Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.

  • CVE-2011-0910Feb 8, 2011
    risk 0.00cvss epss 0.01

    The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

  • CVE-2011-0909Feb 8, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.

  • CVE-2011-0908Feb 8, 2011
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.

  • CVE-2011-0526Feb 8, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.