5 matches found
CVE-2017-1000432
CVE-2017-1000432 affects Vanilla Forums prior to 2.1.5. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows any registered user to delete topics and comments without admin rights. Root cause is CSRF in the Vanilla Forums workflow, enabling unauthorized state-changing actions. Exp...
CVE-2019-8279
CVE-2019-8279 is a vulnerability in Vanilla Forums prior to 2.5 identified as multiple stored XSS in forum messages. The underlying issue is that arbitrary JavaScript could be injected into messages, enabling remote attackers to execute code in a user’s browser. The connected documents confirm th...
CVE-2018-15833
In Vanilla Forums, versions before 2.6.1 are affected by an IDOR issue in the polling feature. The vulnerability arises because the Poll ID can be manipulated, allowing a single user to select multiple poll options (voting for multiple items). The impact is the unintended multiple-option voting w...
CVE-2010-4264
Vulnerability: CVE-2010-4264 affects Vanilla Forums prior to 2.0.10, where a filename could contain arbitrary code that executes in the client (XSS). Affected product/versions: Vanilla Forums before 2.0.10. Root cause: filename-controlled input enabling client-side script execution. Impact: cross...
CVE-2010-4266
CVE-2010-4266 affects Vanilla Forums prior to 2.0.10, with a dispatcher-related issue described as a potential linkbait vulnerability in the software. The available connected documents corroborate the affected product (Vanilla Forums) and version boundary (before 2.0.10). No explicit root-cause o...