VYPR

Vanilla Forums

by Vanilla OS

Source repositories

CVEs (7)

  • CVE-2011-3614CriJan 22, 2020
    risk 0.64cvss 9.8epss 0.02

    An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.

  • CVE-2011-3613HigJan 22, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.

  • CVE-2010-4266MedJun 22, 2021
    risk 0.40cvss 6.1epss 0.01

    It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.

  • CVE-2019-8279MedMar 2, 2019
    risk 0.35cvss 5.4epss 0.01

    Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.

  • CVE-2010-4264MedJun 22, 2021
    risk 0.33cvss 6.1epss 0.01

    It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.

  • CVE-2011-1009MedFeb 5, 2020
    risk 0.33cvss 6.1epss 0.01

    Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.

  • CVE-2012-4954Nov 15, 2012
    risk 0.00cvss epss 0.01

    The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.