Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanillaforums vanilla vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2011-3613
An issue exists in Vanilla Forums prior to 2.0.17.9 due to the way cookies are handled.
Vanillaforums Vanilla
6.1
CVSSv3
CVE-2011-1009
Vanilla Forums 2.0.17.1 up to and including 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
Vanillaforums Vanilla
7.2
CVSSv3
CVE-2018-19499
Vanilla prior to 2.5.5 and 2.6.x prior to 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Vanillaforums Vanilla
6.1
CVSSv3
CVE-2018-17571
Vanilla prior to 2.6.1 allows XSS via the email field of a profile.
Vanillaforums Vanilla
9.8
CVSSv3
CVE-2011-3614
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums prior to 2.0.17.9.
Vanillaforums Vanilla
9.8
CVSSv3
CVE-2018-18903
Vanilla 2.6.x prior to 2.6.4 allows remote code execution.
Vanillaforums Vanilla
8
CVSSv3
CVE-2017-1000432
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
Vanillaforums Vanilla Forums
1 EDB exploit
4.3
CVSSv3
CVE-2018-15833
In Vanilla prior to 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Vanillaforums Vanilla Forums
NA
CVE-2011-3812
Vanilla 2.0.16 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
Vanillaforums Vanilla 2.0.16
5.4
CVSSv3
CVE-2020-8825
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
Vanillaforums Vanilla 2.6.3
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »