Vulnerabilities > Vanillaforums > Vanilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-10 CVE-2020-8825 Cross-site Scripting vulnerability in Vanillaforums Vanilla 2.6.3
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
network
low complexity
vanillaforums CWE-79
5.4
5.4
2020-02-05 CVE-2011-1009 Cross-site Scripting vulnerability in Vanillaforums Vanilla
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
network
low complexity
vanillaforums CWE-79
6.1
6.1
2018-09-28 CVE-2018-17571 Cross-site Scripting vulnerability in Vanillaforums Vanilla
Vanilla before 2.6.1 allows XSS via the email field of a profile.
network
low complexity
vanillaforums CWE-79
6.1
6.1
2018-09-03 CVE-2018-16410 SQL Injection vulnerability in Vanillaforums Vanilla 2.6.1
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
network
low complexity
vanillaforums CWE-89
6.5
6.5