Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanillaforums vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-17571
Vanilla prior to 2.6.1 allows XSS via the email field of a profile.
Vanillaforums Vanilla
356
VMScore
CVE-2018-16410
Vanilla prior to 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
Vanillaforums Vanilla 2.6.1
356
VMScore
CVE-2018-15833
In Vanilla prior to 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Vanillaforums Vanilla Forums
605
VMScore
CVE-2017-1000432
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
Vanillaforums Vanilla Forums
1 EDB exploit
505
VMScore
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums prior to 2.3.1 allows remote malicious users to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Vanillaforums Vanilla
1 EDB exploit
1 Article
383
VMScore
CVE-2014-9685
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums prior to 2.0.18.13 and 2.1.x prior to 2.1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vanillaforums Vanilla
Vanillaforums Vanilla Forums 2.1
435
VMScore
CVE-2012-6555
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote malicious users to inject arbitrary web script or HTML via the discussion title.
Vanillaforums Latestcomment 1.1
1 EDB exploit
755
VMScore
CVE-2013-3528
Unspecified vulnerability in the update check in Vanilla Forums prior to 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
Vanillaforums Vanilla 2.0.18.4
Vanillaforums Vanilla 2.0.18.3
Vanillaforums Vanilla 2.0.18
Vanillaforums Vanilla 2.0.17.10
Vanillaforums Vanilla 2.0.17.8
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.5
Vanillaforums Vanilla 2.0.4
Vanillaforums Vanilla 2.0.18.6
Vanillaforums Vanilla 2.0.18.5
Vanillaforums Vanilla 2.0.17.1
Vanillaforums Vanilla 2.0.17
Vanillaforums Vanilla 2.0.16.1
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.7
Vanillaforums Vanilla 2.0.6
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.17.2
Vanillaforums Vanilla 2.0.17.3
Vanillaforums Vanilla 2.0.17.7
Vanillaforums Vanilla 2.0.16
1 EDB exploit
755
VMScore
CVE-2013-3527
Multiple SQL injection vulnerabilities in Vanilla Forums prior to 2.0.18.8 allow remote malicious users to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
Vanillaforums Vanilla 2.0.18.3
Vanillaforums Vanilla 2.0.18.1
Vanillaforums Vanilla 2.0.18
Vanillaforums Vanilla 2.0.17.4
Vanillaforums Vanilla 2.0.17.8
Vanillaforums Vanilla 2.0.17.9
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla 2.0.11
Vanillaforums Vanilla 2.0.4
Vanillaforums Vanilla 2.0.3
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.18.6
Vanillaforums Vanilla 2.0.18.5
Vanillaforums Vanilla 2.0.18.4
Vanillaforums Vanilla 2.0.17
Vanillaforums Vanilla 2.0.17.10
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.6
Vanillaforums Vanilla 2.0.5
Vanillaforums Vanilla 2.0.17.3
1 EDB exploit
312
VMScore
CVE-2012-4954
The edit-profile page in Vanilla Forums prior to 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
Vanillaforums Vanilla 2.0.17.4
Vanillaforums Vanilla 2.0.16
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.18
Vanillaforums Vanilla 2.0.18.1
Vanillaforums Vanilla 2.0.17.10
Vanillaforums Vanilla 2.0.7
Vanillaforums Vanilla 2.0.6
Vanillaforums Vanilla 2.0.17.5
Vanillaforums Vanilla 2.0.17.2
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.17.9
Vanillaforums Vanilla 2.0.17.8
Vanillaforums Vanilla 2.0.5
Vanillaforums Vanilla 2.0.4
Vanillaforums Vanilla 2.0.17
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.18.3
Vanillaforums Vanilla 2.0.16.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »