Vulnerabilities > Vanillaforums

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-28	CVE-2018-17571	Cross-site Scripting vulnerability in Vanillaforums Vanilla Vanilla before 2.6.1 allows XSS via the email field of a profile. network vanillaforums CWE-79	4.3
2018-09-03	CVE-2018-16410	SQL Injection vulnerability in Vanillaforums Vanilla 2.6.1 Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. network low complexity vanillaforums CWE-89	4.0
2018-08-26	CVE-2018-15833	Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). network low complexity vanillaforums CWE-639	4.0
2018-01-02	CVE-2017-1000432	Cross-Site Request Forgery (CSRF) vulnerability in Vanillaforums Vanilla Forums Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access network vanillaforums CWE-352	6.0
2017-05-23	CVE-2016-10073	Information Exposure vulnerability in Vanillaforums Vanilla The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. network low complexity vanillaforums CWE-200	5.0
2015-02-25	CVE-2014-9685	Cross-site Scripting vulnerability in Vanillaforums Vanilla and Vanilla Forums Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. network vanillaforums CWE-79	4.3
2013-05-23	CVE-2012-6557	Cross-Site Scripting vulnerability in Zodiacdm Aboutme-Plugin 1.1.1 Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. network zodiacdm vanillaforums CWE-79	4.3
2013-05-23	CVE-2012-6556	Cross-Site Scripting vulnerability in Jspautsch Firstlastnames 1.1.1 Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. network jspautsch vanillaforums CWE-79	4.3
2013-05-23	CVE-2012-6555	Cross-site Scripting vulnerability in Vanillaforums Latestcomment 1.1 Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title. network vanillaforums CWE-79	4.3
2013-05-10	CVE-2013-3528	PHP Code Injection vulnerability in Vanillaforums Vanilla Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection." network low complexity vanillaforums	7.5

Vulnerabilities > Vanillaforums {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Vanillaforums"}]}

Vulnerabilities > Vanillaforums