Vulnerabilities > Vanillaforums > Vanilla Forums > 2.0.18.12

DATE CVE VULNERABILITY TITLE RISK
2019-03-02 CVE-2019-8279 Cross-site Scripting vulnerability in Vanillaforums Vanilla Forums
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
network
low complexity
vanillaforums CWE-79
5.4
5.4
2018-08-26 CVE-2018-15833 Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
network
low complexity
vanillaforums CWE-639
4.3
4.3
2018-01-02 CVE-2017-1000432 Cross-Site Request Forgery (CSRF) vulnerability in Vanillaforums Vanilla Forums
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
network
low complexity
vanillaforums CWE-352
8.0
8.0