Lucene search
K
VanillaforumsVanilla Forums*

5 matches found

CVE
CVE
added 2018/01/02 11:0 p.m.69 views

CVE-2017-1000432

CVE-2017-1000432 affects Vanilla Forums prior to 2.1.5. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows any registered user to delete topics and comments without admin rights. Root cause is CSRF in the Vanilla Forums workflow, enabling unauthorized state-changing actions. Exp...

8CVSS7.8AI score0.01647EPSS
CVE
CVE
added 2019/03/02 1:0 a.m.52 views

CVE-2019-8279

CVE-2019-8279 is a vulnerability in Vanilla Forums prior to 2.5 identified as multiple stored XSS in forum messages. The underlying issue is that arbitrary JavaScript could be injected into messages, enabling remote attackers to execute code in a user’s browser. The connected documents confirm th...

5.4CVSS5.4AI score0.00806EPSS
CVE
CVE
added 2018/08/26 5:0 p.m.45 views

CVE-2018-15833

In Vanilla Forums, versions before 2.6.1 are affected by an IDOR issue in the polling feature. The vulnerability arises because the Poll ID can be manipulated, allowing a single user to select multiple poll options (voting for multiple items). The impact is the unintended multiple-option voting w...

4.3CVSS4.6AI score0.00878EPSS
CVE
CVE
added 2021/06/22 1:24 p.m.43 views

CVE-2010-4264

Vulnerability: CVE-2010-4264 affects Vanilla Forums prior to 2.0.10, where a filename could contain arbitrary code that executes in the client (XSS). Affected product/versions: Vanilla Forums before 2.0.10. Root cause: filename-controlled input enabling client-side script execution. Impact: cross...

6.1CVSS6.2AI score0.00661EPSS
CVE
CVE
added 2021/06/22 1:38 p.m.43 views

CVE-2010-4266

CVE-2010-4266 affects Vanilla Forums prior to 2.0.10, with a dispatcher-related issue described as a potential linkbait vulnerability in the software. The available connected documents corroborate the affected product (Vanilla Forums) and version boundary (before 2.0.10). No explicit root-cause o...

6.1CVSS6.2AI score0.00581EPSS