Filtered by vendor Vanillaforums
Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-9889 | 1 Vanillaforums | 1 Vanilla | 2019-03-26 | N/A |
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server. | ||||
CVE-2019-8279 | 1 Vanillaforums | 1 Vanilla Forums | 2019-03-04 | N/A |
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on the forum. | ||||
CVE-2018-18903 | 1 Vanillaforums | 1 Vanilla | 2018-12-26 | N/A |
Vanilla 2.6.x before 2.6.4 allows remote code execution. | ||||
CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2018-11-15 | N/A |
Vanilla before 2.6.1 allows XSS via the email field of a profile. | ||||
CVE-2018-16410 | 1 Vanillaforums | 1 Vanilla | 2018-10-25 | N/A |
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. | ||||
CVE-2017-1000432 | 1 Vanillaforums | 1 Vanilla Forums | 2018-01-17 | N/A |
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access |