CVE-2010-4264
- EPSS 0.24%
- Published 22.06.2021 14:15:08
- Last modified 21.11.2024 01:20:34
A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10, where a filename could contain arbitrary code to execute on the client side.
CVE-2010-4266
- EPSS 0.2%
- Published 22.06.2021 14:15:08
- Last modified 21.11.2024 01:20:34
A potential linkbait vulnerability was found in the dispatcher of Vanilla Forums before 2.0.10.
CVE-2019-8279
- EPSS 0.16%
- Published 02.03.2019 01:29:00
- Last modified 21.11.2024 04:49:38
Multiple stored XSS vulnerabilities in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on the forum.
CVE-2018-15833
- EPSS 0.19%
- Published 26.08.2018 17:29:00
- Last modified 21.11.2024 03:51:31
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
- EPSS 0.24%
- Published 02.01.2018 23:29:00
- Last modified 21.11.2024 03:04:43
Vanilla Forums below 2.1.5 are affected by CSRF leading to deleting topics and comments from forums Admin access.
CVE-2014-9685
- EPSS 0.32%
- Published 25.02.2015 22:59:00
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4954
- EPSS 0.32%
- Published 15.11.2012 11:58:40
- Last modified 11.04.2025 00:51:21
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.