Vanillaforums » Vanilla Forums : Security Vulnerabilities, CVEs, CVSS score >= 5
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
Max CVSS
5.4
EPSS Score
0.07%
Published
2019-03-02
Updated
2019-03-04
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
Max CVSS
8.0
EPSS Score
0.09%
Published
2018-01-02
Updated
2018-01-17
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-06-22
Updated
2021-06-25
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-06-22
Updated
2021-06-25
4 vulnerabilities found