It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
References
Link | Resource |
---|---|
https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece | Patch Third Party Advisory |
https://seclists.org/oss-sec/2010/q4/282 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-06-22T13:24:04
Updated: 2021-06-22T13:24:04
Reserved: 2010-11-16T00:00:00
Link: CVE-2010-4264
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-22T14:15:08.167
Modified: 2021-06-25T17:14:08.437
Link: CVE-2010-4264
JSON object: View
Redhat Information
No data.
CWE