Filtered by vendor Vanillaforums
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10073 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | N/A |
| The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. | ||||
| CVE-2011-3614 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 9.8 Critical |
| An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | ||||
| CVE-2011-3613 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 7.5 High |
| An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | ||||
| CVE-2011-1009 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 6.1 Medium |
| Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. | ||||
| CVE-2010-4266 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | 6.1 Medium |
| It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher. | ||||
| CVE-2010-4264 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | 6.1 Medium |
| It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side. | ||||