Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-forum vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-4027
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting obje...
Simple-press Simple Press
NA
CVE-2007-6502
Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using ...
Hosting Controller Hosting Controller
1 EDB exploit
8.8
CVSSv3
CVE-2022-21684
Discourse is an open source discussion platform. Versions before 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_us...
Discourse Discourse 2.8.0
Discourse Discourse
10
CVSSv3
CVE-2021-32671
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allow...
Flarum Flarum 1.0.0
Flarum Flarum 1.0.1
4.9
CVSSv3
CVE-2023-27577
flarum is a forum software package for building communities. In versions before 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of pa...
Flarum Flarum
5.4
CVSSv3
CVE-2023-22488
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification c...
Flarum Flarum
4.3
CVSSv3
CVE-2023-22487
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior never changes no matte...
Flarum Flarum
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4