Vulnerabilities (CVE)

Filtered by vendor Vanillaforums
Filtered by product Vanilla
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8825 1 Vanillaforums 1 Vanilla 2021-12-30 3.5 LOW 5.4 MEDIUM
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
CVE-2011-1009 1 Vanillaforums 1 Vanilla 2020-02-06 4.3 MEDIUM 6.1 MEDIUM
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
CVE-2018-17571 1 Vanillaforums 1 Vanilla 2018-11-15 4.3 MEDIUM 6.1 MEDIUM
Vanilla before 2.6.1 allows XSS via the email field of a profile.
CVE-2018-16410 1 Vanillaforums 1 Vanilla 2018-10-25 4.0 MEDIUM 6.5 MEDIUM
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.