Vanilla Security Vulnerabilities and Issues — Vanilla CVE List

Lucene search

LussumoVanilla

3 matches found

CVE•added 2009/06/01 7:30 p.m.•32 views

CVE-2009-1845

Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.

4.3CVSS5.9AI score0.00959EPSS

CVE•added 2008/08/21 5:41 p.m.•27 views

CVE-2008-3760

Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.

4.3CVSS7.2AI score0.00374EPSS

CVE•added 2008/08/21 5:41 p.m.•26 views

CVE-2008-3758

Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account pic...

4.3CVSS5.5AI score0.07551EPSS