Vanillaforums » Vanilla : Security Vulnerabilities, CVEs, Published In 2011

CVE-2011-3812

Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
Max CVSS
5.0
EPSS Score
0.23%
Published
2011-09-24
Updated
2012-05-21

CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
Max CVSS
6.4
EPSS Score
0.19%
Published
2011-02-08
Updated
2020-06-04

CVE-2011-0909

Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
Max CVSS
4.3
EPSS Score
0.10%
Published
2011-02-08
Updated
2020-06-04

CVE-2011-0908

Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
Max CVSS
5.8
EPSS Score
0.11%
Published
2011-02-08
Updated
2020-06-04

CVE-2011-0526

Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
Max CVSS
4.3
EPSS Score
1.98%
Published
2011-02-08
Updated
2020-06-04
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close