Vulnerabilities > Vanillaforums > Vanilla > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-10 | CVE-2020-8825 | Cross-site Scripting vulnerability in Vanillaforums Vanilla 2.6.3 index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. | 3.5 |
| 2012-11-15 | CVE-2012-4954 | Permissions, Privileges, and Access Controls vulnerability in Vanillaforums Vanilla and Vanilla Forums The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. | 3.5 |