Filtered by vendor Vanillaforums
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3613 | 1 Vanillaforums | 1 Vanilla | 2020-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | |||||
| CVE-2018-19499 | 1 Vanillaforums | 1 Vanilla | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | |||||
| CVE-2016-10073 | 1 Vanillaforums | 1 Vanilla | 2019-07-11 | 5.0 MEDIUM | 7.5 HIGH |
| The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. | |||||
| CVE-2017-1000432 | 1 Vanillaforums | 1 Vanilla Forums | 2018-01-17 | 6.0 MEDIUM | 8.0 HIGH |
| Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access | |||||