7 matches found
CVE-2017-1000432
CVE-2017-1000432 affects Vanilla Forums prior to 2.1.5. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows any registered user to delete topics and comments without admin rights. Root cause is CSRF in the Vanilla Forums workflow, enabling unauthorized state-changing actions. Exp...
CVE-2012-4954
Summary: Vanilla Forums, prior to version 2.1a32, is affected by a parameter manipulation vulnerability on the edit-profile page. An authenticated attacker who can perform a man-in-the-middle attack can replace the target UserID and modify arbitrary profile settings, including th...
CVE-2019-8279
CVE-2019-8279 is a vulnerability in Vanilla Forums prior to 2.5 identified as multiple stored XSS in forum messages. The underlying issue is that arbitrary JavaScript could be injected into messages, enabling remote attackers to execute code in a user’s browser. The connected documents confirm th...
CVE-2018-15833
In Vanilla Forums, versions before 2.6.1 are affected by an IDOR issue in the polling feature. The vulnerability arises because the Poll ID can be manipulated, allowing a single user to select multiple poll options (voting for multiple items). The impact is the unintended multiple-option voting w...
CVE-2010-4266
CVE-2010-4266 affects Vanilla Forums prior to 2.0.10, with a dispatcher-related issue described as a potential linkbait vulnerability in the software. The available connected documents corroborate the affected product (Vanilla Forums) and version boundary (before 2.0.10). No explicit root-cause o...
CVE-2014-9685
Summary: CVE-2014-9685 concerns multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums. Affected versions are prior to 2.0.18.13 and 2.1.x prior to 2.1.1. The bugs allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact is user-v...
CVE-2010-4264
Vulnerability: CVE-2010-4264 affects Vanilla Forums prior to 2.0.10, where a filename could contain arbitrary code that executes in the client (XSS). Affected product/versions: Vanilla Forums before 2.0.10. Root cause: filename-controlled input enabling client-side script execution. Impact: cross...