Vulnerabilities > Vanillaforums

DATE CVE VULNERABILITY TITLE RISK
2021-06-22 CVE-2010-4264 Cross-Site Scripting vulnerability in Vanillaforums Vanilla Forums
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
4.3
2021-06-22 CVE-2010-4266 Open Redirect vulnerability in Vanillaforums Vanilla Forums
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
5.8
2020-02-10 CVE-2020-8825 Cross-Site Scripting vulnerability in Vanillaforums Vanilla 2.6.3
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
3.5
2020-02-05 CVE-2011-1009 Cross-Site Scripting vulnerability in Vanillaforums Vanilla Forums
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
4.3
2020-01-22 CVE-2011-3614 Unspecified vulnerability in Vanillaforums Vanilla
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
network
low complexity
vanillaforums
7.5
2020-01-22 CVE-2011-3613 Information Exposure vulnerability in Vanillaforums Vanilla
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
network
low complexity
vanillaforums CWE-200
5.0
2019-03-21 CVE-2019-9889 Path Traversal vulnerability in Vanillaforums Vanilla
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class.
network
low complexity
vanillaforums CWE-22
4.0
2019-03-02 CVE-2019-8279 Cross-Site Scripting vulnerability in Vanillaforums Vanilla Forums
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
3.5
2018-11-23 CVE-2018-19499 Deserialization of Untrusted Data vulnerability in Vanillaforums Vanilla
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
network
low complexity
vanillaforums CWE-502
6.5
2018-11-03 CVE-2018-18903 Code Injection vulnerability in Vanillaforums Vanilla 2.6.0/2.6.1/2.6.3
Vanilla 2.6.x before 2.6.4 allows remote code execution.
network
low complexity
vanillaforums CWE-94
7.5