Vanillaforums: Security Vulnerabilities
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-22
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-22
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-02-10
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-02-05
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-22
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
CVSS Score
9.8
EPSS Score
0.01
Published
2020-01-22
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
CVSS Score
2.7
EPSS Score
0.003
Published
2019-03-21
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-02
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
CVSS Score
7.2
EPSS Score
0.023
Published
2018-11-23
Vanilla 2.6.x before 2.6.4 allows remote code execution.
CVSS Score
9.8
EPSS Score
0.051
Published
2018-11-03
Page 1