Vanillaforums Vanilla
11 CVEs affecting Vanillaforums Vanilla. Latest disclosed: 2017-05-23. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-10073 | High | 7.5 | 2017-05-23 | The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potential… |
CVE-2014-9685 | | 2015-02-25 | Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web sc… | |
CVE-2012-6557 | | 2013-05-23 | Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTM… | |
CVE-2013-3528 | | 2013-05-10 | Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection." | |
CVE-2013-3527 | | 2013-05-10 | Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the… | |
CVE-2012-4954 | | 2012-11-15 | The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value duri… | |
CVE-2011-3812 | | 2011-09-24 | Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error mes… | |
CVE-2011-0910 | | 2011-02-08 | The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to ar… | |
CVE-2011-0909 | | 2011-02-08 | Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter t… | |
CVE-2011-0908 | | 2011-02-08 | Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via… | |
CVE-2011-0526 | | 2011-02-08 | Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Ta… |