Vanillaforums: >> Vanilla Forums >> 2.0 Security Vulnerabilities
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-22
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-22
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-02
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
CVSS Score
4.3
EPSS Score
0.002
Published
2018-08-26
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
CVSS Score
8.0
EPSS Score
0.002
Published
2018-01-02