Vulnerabilities > Vanillaforums > Vanilla Forums > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-02 | CVE-2019-8279 | Cross-site Scripting vulnerability in Vanillaforums Vanilla Forums Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. | 3.5 |
| 2012-11-15 | CVE-2012-4954 | Permissions, Privileges, and Access Controls vulnerability in Vanillaforums Vanilla and Vanilla Forums The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. | 3.5 |