Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanillaforums vanilla vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-18903
Vanilla 2.6.x prior to 2.6.4 allows remote code execution.
Vanillaforums Vanilla
6.1
CVSSv3
CVE-2011-1009
Vanilla Forums 2.0.17.1 up to and including 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
Vanillaforums Vanilla
9.8
CVSSv3
CVE-2011-3614
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums prior to 2.0.17.9.
Vanillaforums Vanilla
7.5
CVSSv3
CVE-2011-3613
An issue exists in Vanilla Forums prior to 2.0.17.9 due to the way cookies are handled.
Vanillaforums Vanilla
7.2
CVSSv3
CVE-2018-19499
Vanilla prior to 2.5.5 and 2.6.x prior to 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Vanillaforums Vanilla
6.1
CVSSv3
CVE-2018-17571
Vanilla prior to 2.6.1 allows XSS via the email field of a profile.
Vanillaforums Vanilla
4.3
CVSSv3
CVE-2018-15833
In Vanilla prior to 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Vanillaforums Vanilla Forums
5.4
CVSSv3
CVE-2020-8825
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
Vanillaforums Vanilla 2.6.3
1 Github repository
8
CVSSv3
CVE-2017-1000432
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
Vanillaforums Vanilla Forums
1 EDB exploit
6.5
CVSSv3
CVE-2018-16410
Vanilla prior to 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
Vanillaforums Vanilla 2.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »