Vulnerabilities > Vanillaforums

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-06-22 | CVE-2010-4264 | Cross-site Scripting vulnerability in Vanillaforums Vanilla Forums | A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10, where a filename could contain arbitrary code to execute on the client side. | network, low complexity, vanillaforums, CWE-79, 6.1 |
| 2021-06-22 | CVE-2010-4266 | Open Redirect vulnerability in Vanillaforums Vanilla Forums | A potential linkbait vulnerability was found in the dispatcher of Vanilla Forums before 2.0.10. | network, low complexity, vanillaforums, CWE-601, 6.1 |
| 2020-02-10 | CVE-2020-8825 | Cross-site Scripting vulnerability in Vanillaforums Vanilla 2.6.3 | index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. | network, low complexity, vanillaforums, CWE-79, 5.4 |
| 2020-02-05 | CVE-2011-1009 | Cross-site Scripting vulnerability in Vanillaforums Vanilla | Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. | network, low complexity, vanillaforums, CWE-79, 6.1 |
| 2020-01-22 | CVE-2011-3614 | Unspecified vulnerability in Vanillaforums Vanilla | An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | network, low complexity, vanillaforums, critical, 9.8 |
| 2020-01-22 | CVE-2011-3613 | Information Exposure vulnerability in Vanillaforums Vanilla | An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | network, low complexity, vanillaforums, CWE-200, 7.5 |
| 2019-03-21 | CVE-2019-9889 | Path Traversal vulnerability in Vanillaforums Vanilla | In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. | network, low complexity, vanillaforums, CWE-22, 2.7 |
| 2019-03-02 | CVE-2019-8279 | Cross-site Scripting vulnerability in Vanillaforums Vanilla Forums | Multiple stored XSS vulnerabilities in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on the forum. | network, low complexity, vanillaforums, CWE-79, 5.4 |
| 2018-11-23 | CVE-2018-19499 | Deserialization of Untrusted Data vulnerability in Vanillaforums Vanilla | Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | network, low complexity, vanillaforums, CWE-502, 7.2 |
| 2018-11-03 | CVE-2018-18903 | Code Injection vulnerability in Vanillaforums Vanilla 2.6.0/2.6.1/2.6.3 | Vanilla 2.6.x before 2.6.4 allows remote code execution. | network, low complexity, vanillaforums, CWE-94, critical, 9.8 |