Vulnerabilities > Lussumo > Vanilla > 1.1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-09 | CVE-2010-1337 | Code Injection vulnerability in Lussumo Vanilla Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters. | 7.5 |
2008-08-29 | CVE-2008-3874 | Cross-Site Scripting vulnerability in Lussumo Vanilla Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). | 3.5 |