19 matches found

CVE-2016-10073
Added 2017/05/23 3:56 a.m., 123 views
Vanilla Forums
CVSS 7.5, AI score 7.2, EPSS 0.83614. Category: Web

CVE-2020-8825
Added 2020/02/10 11:14 a.m., 89 views
Vanilla Forums 2.6.3 is affected by a stored cross-site scripting (XSS) vulnerability in index.php?p=/dashboard/settings/branding. The issue arises from insufficient input validation in the branding settings page, enabling an attacker to inject payloads that can execute in a user’s browser. The C...
CVSS 5.4, AI score 5.3, EPSS 0.01875. Category: Web

CVE-2011-0526
Added 2011/02/08 8:00 p.m., 66 views
CVE-2011-0526 is a documented XSS in Vanilla Forums prior to 2.0.17. An attacker could inject arbitrary script/HTML via the Target parameter in the /entry/signin action (index.php). The Red Hat and NVD entries confirm the affected product and vector, with no exploitation details provided in the s...
CVSS 4.3, AI score 5.7, EPSS 0.01272. Category: Web

CVE-2013-3528
Added 2013/05/10 9:00 p.m., 63 views
Vanilla Forums prior to 2.0.18.6 is vulnerable to a PHP Object Injection in class.utilitycontroller.php (
CVSS 7.5, AI score 6.5, EPSS 0.05667

CVE-2011-3614
Added 2020/01/22 5:27 p.m., 61 views
CVE-2011-3614 affects Vanilla Forums (Facebook, Twitter, and Embedded plugins) prior to version 2.0.17.9. The issue is an Access Control vulnerability that could impact confidentiality, integrity, and availability. Remediation: upgrade to Vanilla Forums 2.0.17.9 or newer; apply any vendor-supplie...
CVSS 9.8, AI score 9.3, EPSS 0.01958

CVE-2012-4954
Added 2012/11/15 11:00 a.m., 59 views
Summary (evidence-based): Vanilla Forums, prior to version 2.1a32, is affected by a parameter manipulation vulnerability on the edit-profile page. An authenticated attacker who can perform a man-in-the-middle attack can replace the target UserID and modify arbitrary profile settings, including th...
CVSS 3.5, AI score 6.5, EPSS 0.01067

CVE-2018-18903
Added 2018/11/03 5:00 a.m., 55 views
The CVE-2018-18903 issue affects Vanilla Forums (Vanilla) in the domGetImages function of the ImportController, where unserialize via a crafted phar archive enables remote code execution without authentication. This is tied to Vanilla Forums prior to 2.6.4. Affected product: Vanilla Forums; vulne...
CVSS 9.8, AI score 9.8, EPSS 0.05152

CVE-2011-3613
Added 2020/01/22 5:19 p.m., 54 views
Vanilla Forums before 2.0.17.9 contains a cookie handling issue that can lead to information disclosure. The vulnerability affects Vanilla Forums (PHP-based open source forum) and is described across multiple connected entries (CVE-2011-3613; CNVD-2020-13206). Root cause: improper cookie handling...
CVSS 7.5, AI score 7.4, EPSS 0.0173

CVE-2011-1009
Added 2020/02/05 8:41 p.m., 53 views
CVE-2011-1009 affects Vanilla Forums versions 2.0.17.1–2.0.17.5, where an XSS flaw exists in /vanilla/index.php via the p parameter. The issue is validated by multiple connected sources (NVD entry and Red Hat/CVE pages). The vulnerability enables cross-site scripting within affected installations...
CVSS 6.1, AI score 6, EPSS 0.00804. Category: Web

CVE-2011-0908
Added 2011/02/08 8:00 p.m., 52 views
CVE-2011-0908 concerns Vanilla Forums before 2.0.17.6, with an open redirect vulnerability that can send users to arbitrary sites via a URL in the Target parameter to an unspecified component (open redirect, not CVE-2011-0526). Red Hat entries corroborate the same description. The sources do not ...
CVSS 5.8, AI score 6.7, EPSS 0.00959

CVE-2018-19499
Added 2018/11/23 7:00 p.m., 50 views
The CVE-2018-19499 issue affects Vanilla Forums (Vanilla) where the unserialize vulnerability is in the Gdn_Format class. A crafted phar-archive can trigger remote code execution, requiring authentication (which can be bypassed according to the advisory) and allowing code execution under the web ...
CVSS 7.2, AI score 7.1, EPSS 0.02017

CVE-2019-9889
Added 2019/03/20 10:12 p.m., 50 views
Vanilla Forums vulnerability CVE-2019-9889 affects Vanilla before 2.6.4. The flaw is in AddonManager::getSingleIndex where a crafted type value leads to a Directory Traversal with File Inclusion, enabling remote code execution under the web server's context. Reports confirm the issue allows code ...
CVSS 4, AI score 4.1, EPSS 0.02425

CVE-2011-0909
Added 2011/02/08 8:00 p.m., 49 views
Vanilla Forums is affected by CVE-2011-0909 (before 2.0.17.6). The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component. Connected Red Hat CVE entries corroborate the same description...
CVSS 4.3, AI score 5.7, EPSS 0.00855

CVE-2013-3527
Added 2013/05/10 9:00 p.m., 47 views
Vanilla Forums suffers SQL injection in versions before 2.0.18.8. The vulnerability allows remote attackers to inject arbitrary SQL via the Form/Email parameter array during entry/signin or entry/passwordrequest, potentially compromising data. Affected component: Vanilla Forums core (web applicat...
CVSS 7.5, AI score 8.8, EPSS 0.03511. Category: Web

CVE-2011-3812
Added 2011/09/24 12:00 a.m., 45 views
CVE-2011-3812 affects Vanilla CMS 2.0.16, where a remote attacker can trigger an error message from direct requests to PHP files (notably plugins/Minify/min/utils.php) to reveal the installation path. The documents do not specify a confirmed patch or workaround; remediation details are not provid...
CVSS 5, AI score 6.3, EPSS 0.01229

CVE-2011-0910
Added 2011/02/08 8:00 p.m., 44 views
Vanilla Forums vulnerability CVE-2011-0910 affects versions before 2.0.17.6. The cookie implementation allows remote attackers to spoof signed requests and potentially gain access to arbitrary user accounts via HMAC timing attacks. Root cause: flawed cookie handling enabling timing-based forgery....
CVSS 6.4, AI score 6.9, EPSS 0.01047

CVE-2018-16410
Added 2018/09/03 7:00 p.m., 43 views
CVE-2018-16410 affects Vanilla before 2.6.1 and allows SQL injection via an invitationID array to /profile/deleteInvitation. The vulnerability relates to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. According to CVSS, ...
CVSS 6.5, AI score 6.9, EPSS 0.0094. Category: Web

CVE-2014-9685
Added 2015/02/25 10:00 p.m., 42 views
Summary: CVE-2014-9685 concerns multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums. Affected versions are prior to 2.0.18.13 and 2.1.x prior to 2.1.1. The bugs allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact is user-v...
CVSS 4.3, AI score 5.9, EPSS 0.01773

CVE-2018-17571
Added 2018/09/28 5:00 a.m., 42 views
CVE-2018-17571 affects Vanilla before 2.6.1. The vulnerability is a cross-site scripting (XSS) flaw reachable via the email field in a user profile. The connected CNVD/NVD/OSV entries consistently describe the same issue and identify Vanilla 2.6.1 as the fixed version. Practical impact, per the s...
CVSS 6.1, AI score 5.9, EPSS 0.00675