Vanilla@* Security Vulnerabilities and Issues — Vanilla@* CVE List

Lucene search

VanillaforumsVanilla*

5 matches found

CVE•added 2020/01/22 6:15 p.m.•50 views

CVE-2011-3614

An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.

9.8CVSS9.3AI score0.01019EPSS

CVE•added 2020/01/22 6:15 p.m.•43 views

CVE-2011-3613

An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.

7.5CVSS7.4AI score0.00745EPSS

CVE•added 2019/03/21 4:1 p.m.•38 views

CVE-2019-9889

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of t...

4CVSS4.1AI score0.00324EPSS

CVE•added 2018/11/23 7:29 p.m.•36 views

CVE-2018-19499

Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.

7.2CVSS7.1AI score0.0231EPSS

CVE•added 2018/09/28 5:29 a.m.•33 views

CVE-2018-17571

Vanilla before 2.6.1 allows XSS via the email field of a profile.

6.1CVSS5.9AI score0.0024EPSS