Vanillaforums / Vanilla Forums

7 matches found

CVE
added 2018/01/02 11:0 p.m. | 67 views

CVE-2017-1000432

CVE-2017-1000432 affects Vanilla Forums prior to 2.1.5. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows any registered user to delete topics and comments without admin rights. Root cause is CSRF in the Vanilla Forums workflow, enabling unauthorized state-changing actions. Exp...

CVSS 8 | AI score 7.8 | EPSS 0.01647

CVE
added 2012/11/15 11:0 a.m. | 59 views

CVE-2012-4954

Summary (evidence-based): Vanilla Forums, prior to version 2.1a32, is affected by a parameter manipulation vulnerability on the edit-profile page. An authenticated attacker who can perform a man-in-the-middle attack can replace the target UserID and modify arbitrary profile settings, including th...

CVSS 3.5 | AI score 6.5 | EPSS 0.01067

CVE
added 2019/03/02 1:0 a.m. | 51 views

CVE-2019-8279

CVE-2019-8279 is a vulnerability in Vanilla Forums prior to 2.5 identified as multiple stored XSS in forum messages. The underlying issue is that arbitrary JavaScript could be injected into messages, enabling remote attackers to execute code in a user’s browser. The connected documents confirm th...

CVSS 5.4 | AI score 5.4 | EPSS 0.00806

CVE
added 2018/08/26 5:0 p.m. | 44 views

CVE-2018-15833

In Vanilla Forums, versions before 2.6.1 are affected by an IDOR issue in the polling feature. The vulnerability arises because the Poll ID can be manipulated, allowing a single user to select multiple poll options (voting for multiple items). The impact is the unintended multiple-option voting w...

CVSS 4.3 | AI score 4.6 | EPSS 0.00878

CVE
added 2021/06/22 1:38 p.m. | 42 views

CVE-2010-4266

CVE-2010-4266 affects Vanilla Forums prior to 2.0.10, with a dispatcher-related issue described as a potential linkbait vulnerability in the software. The available connected documents corroborate the affected product (Vanilla Forums) and version boundary (before 2.0.10). No explicit root-cause o...

CVSS 6.1 | AI score 6.2 | EPSS 0.00581

CVE
added 2015/02/25 10:0 p.m. | 42 views

CVE-2014-9685

Summary: CVE-2014-9685 concerns multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums. Affected versions are prior to 2.0.18.13 and 2.1.x prior to 2.1.1. The bugs allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact is user-v...

CVSS 4.3 | AI score 5.9 | EPSS 0.01773

CVE
added 2021/06/22 1:24 p.m. | 40 views

CVE-2010-4264

Vulnerability: CVE-2010-4264 affects Vanilla Forums prior to 2.0.10, where a filename could contain arbitrary code that executes in the client (XSS). Affected product/versions: Vanilla Forums before 2.0.10. Root cause: filename-controlled input enabling client-side script execution. Impact: cross...

CVSS 6.1 | AI score 6.2 | EPSS 0.00661