Vulnerabilities (CVE)

Filtered by vendor Vanillaforums Subscribe

Filtered by product Vanilla Forums

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2012-4954	1 Vanillaforums	2 Vanilla, Vanilla Forums	2020-06-04	3.5 LOW	N/A
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
CVE-2014-9685	1 Vanillaforums	2 Vanilla, Vanilla Forums	2020-06-04	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.