Vanilla Security Vulnerabilities and Issues — Vanilla CVE List

Lucene search

VanillaforumsVanilla

5 matches found

CVE•added 2011/02/08 9:0 p.m.•53 views

CVE-2011-0526

Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.

4.3CVSS5.7AI score0.00515EPSS

CVE•added 2011/02/08 9:0 p.m.•35 views

CVE-2011-0908

Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.

5.8CVSS6.7AI score0.00515EPSS

CVE•added 2011/02/08 9:0 p.m.•34 views

CVE-2011-0909

Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.

4.3CVSS5.7AI score0.00515EPSS

CVE•added 2011/02/08 9:0 p.m.•32 views

CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

6.4CVSS6.9AI score0.00243EPSS

CVE•added 2011/09/24 12:55 a.m.•31 views

CVE-2011-3812

Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.

5CVSS6.3AI score0.00283EPSS