Improper input validation in Vanillaforums Vanilla

CVE-2011-0908

Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerab…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (45.2th percentile) — read the EPSS interpretation.

Affected products

Vanillaforums Vanilla — versions 2.0.9, 2.0.10, 2.0.11
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (x_refsource_CONFIRM)