Vanilla Forums
by Vanilla OS
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3614 | | Cri | 0.64 | 9.8 | 0.02 | | Jan 22, 2020 | An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. |
| CVE-2011-3613 | | Hig | 0.49 | 7.5 | 0.02 | | Jan 22, 2020 | An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. |
| CVE-2010-4266 | | Med | 0.40 | 6.1 | 0.01 | | Jun 22, 2021 | It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher. |
| CVE-2019-8279 | | Med | 0.35 | 5.4 | 0.01 | | Mar 2, 2019 | Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. |
| CVE-2010-4264 | | Med | 0.33 | 6.1 | 0.01 | | Jun 22, 2021 | It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side. |
| CVE-2011-1009 | | Med | 0.33 | 6.1 | 0.01 | | Feb 5, 2020 | Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. |
| CVE-2012-4954 | | | 0.00 | — | 0.01 | | Nov 15, 2012 | The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. |