Vulnerabilities > Bbpress > Bbpress > 1.0.2

DATE CVE VULNERABILITY TITLE RISK
2020-02-05 CVE-2011-1150 Cross-site Scripting vulnerability in Bbpress 1.0.2
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
network
bbpress CWE-79
4.3
2011-09-23 CVE-2011-3710 Information Exposure vulnerability in Bbpress 1.0.2
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files.
network
low complexity
bbpress CWE-200
5.0