Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for vanilla_forums by vanillaforums
CVE-2010-4266 (GCVE-0-2010-4266)
Vulnerability from cvelistv5 – Published: 2021-06-22 13:38 – Updated: 2024-08-07 03:43
VLAI
Summary
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://open.vanillaforums.com/discussion/13119/v… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | vanilla forums |
Affected:
vanilla forums before 2.0.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:13.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanilla forums",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vanilla forums before 2.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T13:38:24.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanilla forums",
"version": {
"version_data": [
{
"version_value": "vanilla forums before 2.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1",
"refsource": "MISC",
"url": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4266",
"datePublished": "2021-06-22T13:38:24.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:13.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4264 (GCVE-0-2010-4264)
Vulnerability from cvelistv5 – Published: 2021-06-22 13:24 – Updated: 2024-08-07 03:43
VLAI
Summary
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/vanilla/vanilla/commit/4535a05… | x_refsource_MISC |
| https://seclists.org/oss-sec/2010/q4/282 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | vanilla forums |
Affected:
vanilla forums before 2.0.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:13.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2010/q4/282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanilla forums",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vanilla forums before 2.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T13:24:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2010/q4/282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanilla forums",
"version": {
"version_data": [
{
"version_value": "vanilla forums before 2.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece",
"refsource": "MISC",
"url": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece"
},
{
"name": "https://seclists.org/oss-sec/2010/q4/282",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2010/q4/282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4264",
"datePublished": "2021-06-22T13:24:04.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:13.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8279 (GCVE-0-2019-8279)
Vulnerability from cvelistv5 – Published: 2019-03-02 01:00 – Updated: 2024-09-17 00:21
VLAI
Summary
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
Severity
No CVSS data available.
CWE
- Multiple XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://scriptinjection.blogspot.com/2019/02/vani… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kaspersky Lab | Vanilla Forums |
Affected:
Before 2.5
|
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vanilla Forums",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "Before 2.5"
}
]
}
],
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-02T00:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-02-15T00:00:00",
"ID": "CVE-2019-8279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vanilla Forums",
"version": {
"version_data": [
{
"version_value": "Before 2.5"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html",
"refsource": "MISC",
"url": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8279",
"datePublished": "2019-03-02T01:00:00.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:56.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15833 (GCVE-0-2018-15833)
Vulnerability from cvelistv5 – Published: 2018-08-26 17:00 – Updated: 2024-08-05 10:01
VLAI
Summary
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://twitter.com/viperbluff/status/10330678829… | x_refsource_MISC |
| https://open.vanillaforums.com/discussion/36559 | x_refsource_MISC |
| https://hackerone.com/reports/326434 | x_refsource_MISC |
| https://twitter.com/viperbluff/status/10336403338… | x_refsource_MISC |
Date Public
2018-08-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/viperbluff/status/1033067882941304832"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/326434"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/viperbluff/status/1033640333890834433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-26T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/viperbluff/status/1033067882941304832"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/326434"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/viperbluff/status/1033640333890834433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/viperbluff/status/1033067882941304832",
"refsource": "MISC",
"url": "https://twitter.com/viperbluff/status/1033067882941304832"
},
{
"name": "https://open.vanillaforums.com/discussion/36559",
"refsource": "MISC",
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"name": "https://hackerone.com/reports/326434",
"refsource": "MISC",
"url": "https://hackerone.com/reports/326434"
},
{
"name": "https://twitter.com/viperbluff/status/1033640333890834433",
"refsource": "MISC",
"url": "https://twitter.com/viperbluff/status/1033640333890834433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15833",
"datePublished": "2018-08-26T17:00:00.000Z",
"dateReserved": "2018-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:01:54.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000432 (GCVE-0-2017-1000432)
Vulnerability from cvelistv5 – Published: 2018-01-02 23:00 – Updated: 2024-08-05 22:00
VLAI
Summary
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43462/ | exploitx_refsource_EXPLOIT-DB |
| https://open.vanillaforums.com/discussion/28337/v… | x_refsource_CONFIRM |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:40.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43462",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43462/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00.000Z",
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43462",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43462/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000432",
"REQUESTER": "anandkmr27@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43462",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43462/"
},
{
"name": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14",
"refsource": "CONFIRM",
"url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000432",
"datePublished": "2018-01-02T23:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:40.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9685 (GCVE-0-2014-9685)
Vulnerability from cvelistv5 – Published: 2015-02-25 22:00 – Updated: 2024-08-06 13:55
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://vanillaforums.org/discussion/27540/vanilla… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031822 | vdb-entryx_refsource_SECTRACK |
| http://vanillaforums.org/discussion/27541/vanilla… | x_refsource_CONFIRM |
Date Public
2014-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031822"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031822"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031822"
},
{
"name": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9685",
"datePublished": "2015-02-25T22:00:00.000Z",
"dateReserved": "2015-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:55:04.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4954 (GCVE-0-2012-4954)
Vulnerability from cvelistv5 – Published: 2012-11-15 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/56483 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/611988 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2012-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "56483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-4954",
"datePublished": "2012-11-15T11:00:00.000Z",
"dateReserved": "2012-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4266 (GCVE-0-2010-4266)
Vulnerability from nvd – Published: 2021-06-22 13:38 – Updated: 2024-08-07 03:43
VLAI
Summary
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://open.vanillaforums.com/discussion/13119/v… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | vanilla forums |
Affected:
vanilla forums before 2.0.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:13.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanilla forums",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vanilla forums before 2.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T13:38:24.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanilla forums",
"version": {
"version_data": [
{
"version_value": "vanilla forums before 2.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1",
"refsource": "MISC",
"url": "https://open.vanillaforums.com/discussion/13119/vanilla-2.0.10-released/p1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4266",
"datePublished": "2021-06-22T13:38:24.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:13.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4264 (GCVE-0-2010-4264)
Vulnerability from nvd – Published: 2021-06-22 13:24 – Updated: 2024-08-07 03:43
VLAI
Summary
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/vanilla/vanilla/commit/4535a05… | x_refsource_MISC |
| https://seclists.org/oss-sec/2010/q4/282 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | vanilla forums |
Affected:
vanilla forums before 2.0.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:13.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2010/q4/282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanilla forums",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vanilla forums before 2.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T13:24:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2010/q4/282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanilla forums",
"version": {
"version_data": [
{
"version_value": "vanilla forums before 2.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece",
"refsource": "MISC",
"url": "https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece"
},
{
"name": "https://seclists.org/oss-sec/2010/q4/282",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2010/q4/282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4264",
"datePublished": "2021-06-22T13:24:04.000Z",
"dateReserved": "2010-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:13.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8279 (GCVE-0-2019-8279)
Vulnerability from nvd – Published: 2019-03-02 01:00 – Updated: 2024-09-17 00:21
VLAI
Summary
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
Severity
No CVSS data available.
CWE
- Multiple XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://scriptinjection.blogspot.com/2019/02/vani… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kaspersky Lab | Vanilla Forums |
Affected:
Before 2.5
|
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vanilla Forums",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "Before 2.5"
}
]
}
],
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Multiple XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-02T00:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-02-15T00:00:00",
"ID": "CVE-2019-8279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vanilla Forums",
"version": {
"version_data": [
{
"version_value": "Before 2.5"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html",
"refsource": "MISC",
"url": "https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8279",
"datePublished": "2019-03-02T01:00:00.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:56.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15833 (GCVE-0-2018-15833)
Vulnerability from nvd – Published: 2018-08-26 17:00 – Updated: 2024-08-05 10:01
VLAI
Summary
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://twitter.com/viperbluff/status/10330678829… | x_refsource_MISC |
| https://open.vanillaforums.com/discussion/36559 | x_refsource_MISC |
| https://hackerone.com/reports/326434 | x_refsource_MISC |
| https://twitter.com/viperbluff/status/10336403338… | x_refsource_MISC |
Date Public
2018-08-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/viperbluff/status/1033067882941304832"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/326434"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/viperbluff/status/1033640333890834433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-26T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/viperbluff/status/1033067882941304832"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/326434"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/viperbluff/status/1033640333890834433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/viperbluff/status/1033067882941304832",
"refsource": "MISC",
"url": "https://twitter.com/viperbluff/status/1033067882941304832"
},
{
"name": "https://open.vanillaforums.com/discussion/36559",
"refsource": "MISC",
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"name": "https://hackerone.com/reports/326434",
"refsource": "MISC",
"url": "https://hackerone.com/reports/326434"
},
{
"name": "https://twitter.com/viperbluff/status/1033640333890834433",
"refsource": "MISC",
"url": "https://twitter.com/viperbluff/status/1033640333890834433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15833",
"datePublished": "2018-08-26T17:00:00.000Z",
"dateReserved": "2018-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:01:54.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000432 (GCVE-0-2017-1000432)
Vulnerability from nvd – Published: 2018-01-02 23:00 – Updated: 2024-08-05 22:00
VLAI
Summary
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43462/ | exploitx_refsource_EXPLOIT-DB |
| https://open.vanillaforums.com/discussion/28337/v… | x_refsource_CONFIRM |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:40.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43462",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43462/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00.000Z",
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43462",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43462/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000432",
"REQUESTER": "anandkmr27@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43462",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43462/"
},
{
"name": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14",
"refsource": "CONFIRM",
"url": "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000432",
"datePublished": "2018-01-02T23:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:40.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9685 (GCVE-0-2014-9685)
Vulnerability from nvd – Published: 2015-02-25 22:00 – Updated: 2024-08-06 13:55
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://vanillaforums.org/discussion/27540/vanilla… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1031822 | vdb-entryx_refsource_SECTRACK |
| http://vanillaforums.org/discussion/27541/vanilla… | x_refsource_CONFIRM |
Date Public
2014-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031822"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031822"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031822"
},
{
"name": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9685",
"datePublished": "2015-02-25T22:00:00.000Z",
"dateReserved": "2015-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:55:04.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4954 (GCVE-0-2012-4954)
Vulnerability from nvd – Published: 2012-11-15 11:00 – Updated: 2024-08-06 20:50
VLAI
Summary
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/56483 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/611988 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2012-11-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "56483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-4954",
"datePublished": "2012-11-15T11:00:00.000Z",
"dateReserved": "2012-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:18.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}