Vanillaforums: >> Vanilla >> 2.6.3 Security Vulnerabilities
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-02-10
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
CVSS Score
2.7
EPSS Score
0.003
Published
2019-03-21
Vanilla 2.6.x before 2.6.4 allows remote code execution.
CVSS Score
9.8
EPSS Score
0.051
Published
2018-11-03