6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.3%
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece
seclists.org/oss-sec/2010/q4/282