Vulnerabilites related to vanillaforums - vanilla
Vulnerability from fkie_nvd
Published
2013-05-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90C021CD-A177-4654-B621-F36CACC4ABF9",
"versionEndIncluding": "2.0.18.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1BDD28-B3D5-4CEF-B718-AEDB1BB85478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13A31A31-3D82-47B5-9FAE-4FCAD23E9FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "41C2DCAF-E514-473F-BA2F-0EEE9AE634D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F1392F-711D-4C0E-94C7-4467E50E9212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69041BD4-FE5A-4B02-BD1B-CEFA9604FE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C77AE762-2955-447D-826B-D5DC2F62BE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D7365AC0-3C35-43D4-AC8E-F64EEC0061F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49E55ABC-15E7-4002-9BE4-CF1F1A5EFB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF565C5-1A0E-4C19-9354-FFBFA454B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B31A038-7B6A-43EB-B525-EF9CBB5F81C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4F91A-ED9A-4B98-80FF-6621237C285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3E2758-F9D3-46C5-9D32-FF284B91DA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "27D49ACC-7D32-422F-916A-8B37512CA0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2BCC4D-DA3D-4EFE-A607-D03FCC7491E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6FAD04-0DF7-4D32-8604-52A5C6C4C15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF88B68F-D781-41D3-92DD-672C432BA763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04C9B20F-E0E0-4A67-BF20-651655B88AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "158E0328-3C61-4C95-B197-DE813DD0F810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "585F5145-1342-4EAD-A9F9-065A9694D227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42800B41-380A-462A-8B21-9E014910D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2B4009-09C3-49DD-AC10-D0D8F1CBE91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "229FB439-E8BD-411B-B3B9-EF8A7EF20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C979A25-6BFF-4269-AE58-30363A45735F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A9B704-61C1-4E6C-A3A1-9149E2A80B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "03EF7909-A01B-430D-903E-225E0A7335FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0ECC55-B2E5-433D-AA95-0E901B6D0343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3A800CA9-F408-45EA-8D11-F24F23E457D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9D65A488-2B65-42B9-B610-19AA705351AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6C8E5D-1085-4D1F-820F-73A0F1D66481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E1E17588-DD2D-453D-BAC2-FB468D3CBDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7ECCCE34-CC7F-4B2D-9A6B-9FBC37F572A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta2:*:*:*:*:*:*",
"matchCriteriaId": "CE042198-0481-489B-A8EA-545367169659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D521F90F-0F93-4E64-B43A-B4188532BE33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59936633-D176-4F25-B349-87F461C00B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "355C6F2A-88FB-44CF-82E3-AEF60F9CA8AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0B1AFB55-42FF-40EF-8BEB-11CDE65FBDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94086F8C-5F24-4D95-9B20-10719C562ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BBE95A-1EF7-44F6-B94F-FD01E48CEF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B3F737-B681-4EA4-8EFA-96C5AA855A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51A30B2C-0C0A-49C8-ABAB-FD192C298018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FC9FEC-2B38-4808-9A72-57AAFA4B09CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Vanilla Forums versiones anteriores a v2.0.18.8 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro \"name\" en la matriz Form/Email de (1) entrar/identificarse o (2) entrar/petici\u00f3n de contrase\u00f1a."
}
],
"id": "CVE-2013-3527",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-10T21:55:02.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html"
},
{
"source": "cve@mitre.org",
"url": "http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/92109"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/92110"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/57"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52825"
},
{
"source": "cve@mitre.org",
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/24927"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/58922"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83289"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/24927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/58922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-24 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | 2.0.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF88B68F-D781-41D3-92DD-672C432BA763",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files."
},
{
"lang": "es",
"value": "Vanilla v2.0.16 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con plugins/Minify/min/utils.php y algunos otros archivos."
}
],
"id": "CVE-2011-3812",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-24T00:55:03.693",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vanilla-2.0.16"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vanilla-2.0.16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * | |
| vanillaforums | vanilla | 2.0.9 | |
| vanillaforums | vanilla | 2.0.10 | |
| vanillaforums | vanilla | 2.0.11 | |
| vanillaforums | vanilla | 2.0.12 | |
| vanillaforums | vanilla | 2.0.13 | |
| vanillaforums | vanilla | 2.0.14 | |
| vanillaforums | vanilla | 2.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6910569F-ED26-4648-A6AA-6ACF964590B4",
"versionEndIncluding": "2.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF565C5-1A0E-4C19-9354-FFBFA454B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B31A038-7B6A-43EB-B525-EF9CBB5F81C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4F91A-ED9A-4B98-80FF-6621237C285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3E2758-F9D3-46C5-9D32-FF284B91DA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "27D49ACC-7D32-422F-916A-8B37512CA0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2BCC4D-DA3D-4EFE-A607-D03FCC7491E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6FAD04-0DF7-4D32-8604-52A5C6C4C15E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php de Vanilla Forums en versiones anteriores a la 2.0.17. Permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro Target de una acci\u00f3n /entry/signin."
}
],
"id": "CVE-2011-0526",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-08T21:00:01.290",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43074"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70677"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/70677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDBC4671-1A63-4671-BF3A-25638FEE5F34",
"versionEndIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request."
},
{
"lang": "es",
"value": "El m\u00e9todo from en library/core/class.email.php en Vanilla Forums anterior a la versi\u00f3n 2.3.1, permite a atacantes remotos falsificar el dominio de correo electr\u00f3nico en mensajes enviados y obtener informaci\u00f3n sensible a trav\u00e9s de un encabezado de HTTP Host modificado, como se demuestra en una solicitud de restablecimiento de contrase\u00f1a ."
}
],
"id": "CVE-2016-10073",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T04:29:01.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41996/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/41996/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * | |
| vanillaforums | vanilla | 2.0.9 | |
| vanillaforums | vanilla | 2.0.10 | |
| vanillaforums | vanilla | 2.0.11 | |
| vanillaforums | vanilla | 2.0.12 | |
| vanillaforums | vanilla | 2.0.13 | |
| vanillaforums | vanilla | 2.0.14 | |
| vanillaforums | vanilla | 2.0.15 | |
| vanillaforums | vanilla | 2.0.16 | |
| vanillaforums | vanilla | 2.0.17 | |
| vanillaforums | vanilla | 2.0.17.1 | |
| vanillaforums | vanilla | 2.0.17.2 | |
| vanillaforums | vanilla | 2.0.17.3 | |
| vanillaforums | vanilla | 2.0.17.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D5D119-9C36-4420-A8A1-98DB5EBDDBF8",
"versionEndIncluding": "2.0.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF565C5-1A0E-4C19-9354-FFBFA454B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B31A038-7B6A-43EB-B525-EF9CBB5F81C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4F91A-ED9A-4B98-80FF-6621237C285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3E2758-F9D3-46C5-9D32-FF284B91DA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "27D49ACC-7D32-422F-916A-8B37512CA0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2BCC4D-DA3D-4EFE-A607-D03FCC7491E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6FAD04-0DF7-4D32-8604-52A5C6C4C15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF88B68F-D781-41D3-92DD-672C432BA763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "158E0328-3C61-4C95-B197-DE813DD0F810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "585F5145-1342-4EAD-A9F9-065A9694D227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42800B41-380A-462A-8B21-9E014910D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2B4009-09C3-49DD-AC10-D0D8F1CBE91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "229FB439-E8BD-411B-B3B9-EF8A7EF20947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Vanilla Forums en versiones anteriores a la 2.0.17.6. Permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro p de un componente sin especificar. Una vulnerabilidad distinta a la CVE-2011-0526."
}
],
"id": "CVE-2011-0909",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-08T21:00:01.400",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-23 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zodiacdm | aboutme-plugin | 1.1.1 | |
| vanillaforums | vanilla | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zodiacdm:aboutme-plugin:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92EFD2B0-CC89-41C1-945F-921F9A9913B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD353E74-C2D9-4F3A-A02A-0EA151EBBE87",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "m\u00faltiples vulnerabilidades XSS en el plugin AboutMe 1.1.1 para Vanilla Forums, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, o (15) AboutMe/Bks a la p\u00e1gina \"Edit My Details\". NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."
}
],
"id": "CVE-2012-6557",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-23T15:55:01.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49207"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18911"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.henryhoggard.co.uk/security/183/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.henryhoggard.co.uk/security/183/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53631"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-05-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90C021CD-A177-4654-B621-F36CACC4ABF9",
"versionEndIncluding": "2.0.18.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1BDD28-B3D5-4CEF-B718-AEDB1BB85478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13A31A31-3D82-47B5-9FAE-4FCAD23E9FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "41C2DCAF-E514-473F-BA2F-0EEE9AE634D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F1392F-711D-4C0E-94C7-4467E50E9212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69041BD4-FE5A-4B02-BD1B-CEFA9604FE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C77AE762-2955-447D-826B-D5DC2F62BE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D7365AC0-3C35-43D4-AC8E-F64EEC0061F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49E55ABC-15E7-4002-9BE4-CF1F1A5EFB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF565C5-1A0E-4C19-9354-FFBFA454B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B31A038-7B6A-43EB-B525-EF9CBB5F81C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4F91A-ED9A-4B98-80FF-6621237C285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3E2758-F9D3-46C5-9D32-FF284B91DA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "27D49ACC-7D32-422F-916A-8B37512CA0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2BCC4D-DA3D-4EFE-A607-D03FCC7491E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6FAD04-0DF7-4D32-8604-52A5C6C4C15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF88B68F-D781-41D3-92DD-672C432BA763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04C9B20F-E0E0-4A67-BF20-651655B88AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "158E0328-3C61-4C95-B197-DE813DD0F810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "585F5145-1342-4EAD-A9F9-065A9694D227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42800B41-380A-462A-8B21-9E014910D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2B4009-09C3-49DD-AC10-D0D8F1CBE91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "229FB439-E8BD-411B-B3B9-EF8A7EF20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C979A25-6BFF-4269-AE58-30363A45735F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A9B704-61C1-4E6C-A3A1-9149E2A80B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "03EF7909-A01B-430D-903E-225E0A7335FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0ECC55-B2E5-433D-AA95-0E901B6D0343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3A800CA9-F408-45EA-8D11-F24F23E457D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9D65A488-2B65-42B9-B610-19AA705351AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6C8E5D-1085-4D1F-820F-73A0F1D66481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E1E17588-DD2D-453D-BAC2-FB468D3CBDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7ECCCE34-CC7F-4B2D-9A6B-9FBC37F572A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta2:*:*:*:*:*:*",
"matchCriteriaId": "CE042198-0481-489B-A8EA-545367169659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D521F90F-0F93-4E64-B43A-B4188532BE33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59936633-D176-4F25-B349-87F461C00B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "355C6F2A-88FB-44CF-82E3-AEF60F9CA8AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0B1AFB55-42FF-40EF-8BEB-11CDE65FBDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94086F8C-5F24-4D95-9B20-10719C562ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BBE95A-1EF7-44F6-B94F-FD01E48CEF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B3F737-B681-4EA4-8EFA-96C5AA855A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "51A30B2C-0C0A-49C8-ABAB-FD192C298018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FC9FEC-2B38-4808-9A72-57AAFA4B09CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to \"object injection.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la comprobaci\u00f3n de actualizaci\u00f3n de Vanilla Forums versi\u00f3n anterior a v2.0.18.8 tiene un impacto no especificado y vectores de ataque remoto, relacionada con \"object injection\"."
}
],
"id": "CVE-2013-3528",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-10T21:55:02.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84167"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/vanillaforums/Garden/commit/b9a10dabb15c697347bfa7baef69a6e211b2f804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/vanillaforums/Garden/commit/b9a10dabb15c697347bfa7baef69a6e211b2f804"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Severity ?
Summary
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22 | Third Party Advisory | |
| cve@mitre.org | https://github.com/vanilla/vanilla/pull/7840 | Third Party Advisory | |
| cve@mitre.org | https://hackerone.com/reports/411140 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vanilla/vanilla/pull/7840 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/411140 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43589609-CB2B-4C9D-8DEE-47447B8AFA56",
"versionEndExcluding": "2.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."
},
{
"lang": "es",
"value": "En Vanilla, en versiones anteriores a la 2.6.4, existe un error en la funci\u00f3n getSingleIndex de la clase AddonManager. Este problema resulta en una llamada \"require\" que emplea un valor de tipo manipulado, lo que conduce a un salto de directorio con una inclusi\u00f3n de archivos. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del servidor web."
}
],
"id": "CVE-2019-9889",
"lastModified": "2024-11-21T04:52:30.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:17.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vanilla/vanilla/pull/7840"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/411140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vanilla/vanilla/pull/7840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/411140"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * | |
| vanillaforums | vanilla | 2.0.9 | |
| vanillaforums | vanilla | 2.0.10 | |
| vanillaforums | vanilla | 2.0.11 | |
| vanillaforums | vanilla | 2.0.12 | |
| vanillaforums | vanilla | 2.0.13 | |
| vanillaforums | vanilla | 2.0.14 | |
| vanillaforums | vanilla | 2.0.15 | |
| vanillaforums | vanilla | 2.0.16 | |
| vanillaforums | vanilla | 2.0.17 | |
| vanillaforums | vanilla | 2.0.17.1 | |
| vanillaforums | vanilla | 2.0.17.2 | |
| vanillaforums | vanilla | 2.0.17.3 | |
| vanillaforums | vanilla | 2.0.17.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D5D119-9C36-4420-A8A1-98DB5EBDDBF8",
"versionEndIncluding": "2.0.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF565C5-1A0E-4C19-9354-FFBFA454B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B31A038-7B6A-43EB-B525-EF9CBB5F81C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4F91A-ED9A-4B98-80FF-6621237C285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3E2758-F9D3-46C5-9D32-FF284B91DA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "27D49ACC-7D32-422F-916A-8B37512CA0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2BCC4D-DA3D-4EFE-A607-D03FCC7491E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6FAD04-0DF7-4D32-8604-52A5C6C4C15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF88B68F-D781-41D3-92DD-672C432BA763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "158E0328-3C61-4C95-B197-DE813DD0F810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "585F5145-1342-4EAD-A9F9-065A9694D227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42800B41-380A-462A-8B21-9E014910D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2B4009-09C3-49DD-AC10-D0D8F1CBE91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "229FB439-E8BD-411B-B3B9-EF8A7EF20947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de las cookies en Vanilla Forums en versiones anteriores a la 2.0.17.6 facilita a atacantes remotos suplantar peticiones firmadas, y consecuentemente obtener acceso a cuentas de usuario arbitrarias a trav\u00e9s de ataques de tiempo HMAC."
}
],
"id": "CVE-2011-0910",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T21:00:01.447",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-22 18:15
Modified
2024-11-21 01:30
Severity ?
Summary
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2011/10/10/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2011/10/10/5 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDD0B79-F3D0-4F2D-90CE-5CA380FCDCE8",
"versionEndExcluding": "2.0.17.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled."
},
{
"lang": "es",
"value": "Se presenta un problema en Vanilla Forums versiones anteriores a 2.0.17.9, debido a la manera en que las cookies son manejadas."
}
],
"id": "CVE-2011-3613",
"lastModified": "2024-11-21T01:30:51.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T18:15:11.813",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-15 11:58
Modified
2025-04-11 00:51
Severity ?
Summary
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "378B55A1-FFDD-4BB3-9E2A-7DC0F64A84E2",
"versionEndIncluding": "2.0.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "173BF8BD-1B30-404B-964D-1A487BD28624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1BDD28-B3D5-4CEF-B718-AEDB1BB85478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13A31A31-3D82-47B5-9FAE-4FCAD23E9FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "41C2DCAF-E514-473F-BA2F-0EEE9AE634D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F1392F-711D-4C0E-94C7-4467E50E9212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69041BD4-FE5A-4B02-BD1B-CEFA9604FE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C77AE762-2955-447D-826B-D5DC2F62BE7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D7365AC0-3C35-43D4-AC8E-F64EEC0061F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49E55ABC-15E7-4002-9BE4-CF1F1A5EFB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF565C5-1A0E-4C19-9354-FFBFA454B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B31A038-7B6A-43EB-B525-EF9CBB5F81C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4F91A-ED9A-4B98-80FF-6621237C285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3E2758-F9D3-46C5-9D32-FF284B91DA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "27D49ACC-7D32-422F-916A-8B37512CA0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2BCC4D-DA3D-4EFE-A607-D03FCC7491E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6FAD04-0DF7-4D32-8604-52A5C6C4C15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF88B68F-D781-41D3-92DD-672C432BA763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04C9B20F-E0E0-4A67-BF20-651655B88AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "158E0328-3C61-4C95-B197-DE813DD0F810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "585F5145-1342-4EAD-A9F9-065A9694D227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42800B41-380A-462A-8B21-9E014910D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2B4009-09C3-49DD-AC10-D0D8F1CBE91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "229FB439-E8BD-411B-B3B9-EF8A7EF20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C979A25-6BFF-4269-AE58-30363A45735F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A9B704-61C1-4E6C-A3A1-9149E2A80B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "03EF7909-A01B-430D-903E-225E0A7335FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0ECC55-B2E5-433D-AA95-0E901B6D0343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3A800CA9-F408-45EA-8D11-F24F23E457D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9D65A488-2B65-42B9-B610-19AA705351AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ED6C8E5D-1085-4D1F-820F-73A0F1D66481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "E1E17588-DD2D-453D-BAC2-FB468D3CBDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7ECCCE34-CC7F-4B2D-9A6B-9FBC37F572A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta2:*:*:*:*:*:*",
"matchCriteriaId": "CE042198-0481-489B-A8EA-545367169659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D521F90F-0F93-4E64-B43A-B4188532BE33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59936633-D176-4F25-B349-87F461C00B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "355C6F2A-88FB-44CF-82E3-AEF60F9CA8AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0B1AFB55-42FF-40EF-8BEB-11CDE65FBDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94086F8C-5F24-4D95-9B20-10719C562ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BBE95A-1EF7-44F6-B94F-FD01E48CEF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla_forums:*:a26:*:*:*:*:*:*",
"matchCriteriaId": "4E60FE57-0A13-41DF-8C23-2CE4CD01DA86",
"versionEndIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
},
{
"lang": "es",
"value": "La p\u00e1gina de edici\u00f3n de perfil en Vanilla Forums antes de v2.1a32 permite a usuarios remotos autenticados modificar los ajustes de su perfil que desee sustituyendo el valor UserID durante un ataque man-in-the-middle. Se trata de un problema relacionado con una \"manipulaci\u00f3n de par\u00e1metros\".\r\n"
}
],
"id": "CVE-2012-4954",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-15T11:58:40.103",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/56483"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-03 05:29
Modified
2024-11-21 03:56
Severity ?
Summary
Vanilla 2.6.x before 2.6.4 allows remote code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B52C907-1164-43BE-9C17-5FFEE367C1F6",
"versionEndExcluding": "2.6.4",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vanilla 2.6.x before 2.6.4 allows remote code execution."
},
{
"lang": "es",
"value": "Vanilla en versiones 2.6.x anteriores a la 2.6.4 permite la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2018-18903",
"lastModified": "2024-11-21T03:56:51.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-03T05:29:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * | |
| vanillaforums | vanilla | 2.0.9 | |
| vanillaforums | vanilla | 2.0.10 | |
| vanillaforums | vanilla | 2.0.11 | |
| vanillaforums | vanilla | 2.0.12 | |
| vanillaforums | vanilla | 2.0.13 | |
| vanillaforums | vanilla | 2.0.14 | |
| vanillaforums | vanilla | 2.0.15 | |
| vanillaforums | vanilla | 2.0.16 | |
| vanillaforums | vanilla | 2.0.17 | |
| vanillaforums | vanilla | 2.0.17.1 | |
| vanillaforums | vanilla | 2.0.17.2 | |
| vanillaforums | vanilla | 2.0.17.3 | |
| vanillaforums | vanilla | 2.0.17.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D5D119-9C36-4420-A8A1-98DB5EBDDBF8",
"versionEndIncluding": "2.0.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF565C5-1A0E-4C19-9354-FFBFA454B457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B31A038-7B6A-43EB-B525-EF9CBB5F81C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57E4F91A-ED9A-4B98-80FF-6621237C285C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3E2758-F9D3-46C5-9D32-FF284B91DA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "27D49ACC-7D32-422F-916A-8B37512CA0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2BCC4D-DA3D-4EFE-A607-D03FCC7491E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6FAD04-0DF7-4D32-8604-52A5C6C4C15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EF88B68F-D781-41D3-92DD-672C432BA763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "158E0328-3C61-4C95-B197-DE813DD0F810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "585F5145-1342-4EAD-A9F9-065A9694D227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42800B41-380A-462A-8B21-9E014910D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2B4009-09C3-49DD-AC10-D0D8F1CBE91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "229FB439-E8BD-411B-B3B9-EF8A7EF20947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n involuntaria en Vanilla Forums en versiones anteriores a la 2.0.17.6. Permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro Target de un componente sin espcificar. Una vulnerabilidad distinta a la CVE-2011-0526."
}
],
"id": "CVE-2011-0908",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-02-08T21:00:01.353",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-28 05:29
Modified
2024-11-21 03:54
Severity ?
Summary
Vanilla before 2.6.1 allows XSS via the email field of a profile.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://hackerone.com/reports/361957 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/361957 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8D2045-11B8-45FC-BF73-7203E0D79811",
"versionEndExcluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vanilla before 2.6.1 allows XSS via the email field of a profile."
},
{
"lang": "es",
"value": "Vanilla en versiones anteriores a la 2.6.3 permite Cross-Site Scripting (XSS) mediante el campo email de un perfil."
}
],
"id": "CVE-2018-17571",
"lastModified": "2024-11-21T03:54:37.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-28T05:29:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/361957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/361957"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 21:15
Modified
2024-11-21 01:25
Severity ?
Summary
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2011/02/22/14 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2011/02/22/14 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3567F734-1371-4B68-A4F7-66A2D4CF54CA",
"versionEndIncluding": "2.0.17.5",
"versionStartIncluding": "2.0.17.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter."
},
{
"lang": "es",
"value": "Vanilla Forums versiones 2.0.17.1 hasta 2.0.17.5, presenta una vulnerabilidad de tipo XSS en el archivo /vanilla/index.php por medio del par\u00e1metro p."
}
],
"id": "CVE-2011-1009",
"lastModified": "2024-11-21T01:25:19.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T21:15:10.517",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/22/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/22/14"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-23 19:29
Modified
2024-11-21 03:58
Severity ?
Summary
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://hackerone.com/reports/407552 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/407552 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * | |
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A7B9EB-99D4-47C4-852A-1C4EA814B386",
"versionEndExcluding": "2.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0D6BDA-2ADC-4182-A07E-88B13D990A48",
"versionEndExcluding": "2.6.2",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class."
},
{
"lang": "es",
"value": "Vanilla, en versiones anteriores a la 2.5.5 y en las 2.6.x anteriores a la 2.6.2, permite la ejecuci\u00f3n remota de c\u00f3digo debido a que los administradores autenticados tienen una llamada alcanzable a unserialize en la clase Gdn_Format."
}
],
"id": "CVE-2018-19499",
"lastModified": "2024-11-21T03:58:02.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-23T19:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/407552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/407552"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-03 19:29
Modified
2024-11-21 03:52
Severity ?
Summary
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://hackerone.com/reports/353784 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://open.vanillaforums.com/discussion/36559 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/353784 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://open.vanillaforums.com/discussion/36559 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | 2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E741D3BF-922B-4FD5-AF8D-31BA531ECABD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php."
},
{
"lang": "es",
"value": "Vanilla en versiones anteriores a la 2.6.1 permite la inyecci\u00f3n SQL mediante un array invitationID en /profile/deleteInvitation, relacionado con applications/dashboard/models/class.invitationmodel.php y applications/dashboard/controllers/class.profilecontroller.php."
}
],
"id": "CVE-2018-16410",
"lastModified": "2024-11-21T03:52:41.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-03T19:29:01.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/353784"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/353784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://open.vanillaforums.com/discussion/36559"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-22 18:15
Modified
2024-11-21 01:30
Severity ?
Summary
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2011/10/10/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2011/10/10/5 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDD0B79-F3D0-4F2D-90CE-5CA380FCDCE8",
"versionEndExcluding": "2.0.17.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Control de Acceso en los plugins de Facebook, Twitter y Embedded en Vanilla Forums versiones anteriores a 2.0.17.9."
}
],
"id": "CVE-2011-3614",
"lastModified": "2024-11-21T01:30:51.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T18:15:11.860",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-25 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | * | |
| vanillaforums | vanilla_forums | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C91387CD-1F56-4590-A890-526C40946CBD",
"versionEndIncluding": "2.0.18.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla_forums:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BC24DF-EBC7-4AA4-A4D2-E8AE35BC0032",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Vanilla Forums anterior a 2.0.18.13 y 2.1.x anterior a 2.1.1 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-9685",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-25T22:59:00.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1031822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-10 12:15
Modified
2024-11-21 05:39
Severity ?
Summary
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/hacky1997/CVE-2020-8825 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hacky1997/CVE-2020-8825 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vanillaforums | vanilla | 2.6.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vanillaforums:vanilla:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA26FC6-6FD0-4425-AF62-1A9864F60D6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS."
},
{
"lang": "es",
"value": "index.php?p=/dashboard/settings/branding en Vanilla versi\u00f3n 2.6.3, permite un ataque de tipo XSS almacenado."
}
],
"id": "CVE-2020-8825",
"lastModified": "2024-11-21T05:39:30.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-10T12:15:12.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/hacky1997/CVE-2020-8825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/hacky1997/CVE-2020-8825"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-10073 (GCVE-0-2016-10073)
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1"
},
{
"name": "41996",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41996/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1"
},
{
"name": "41996",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41996/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html"
},
{
"name": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html",
"refsource": "MISC",
"url": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html"
},
{
"name": "https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1",
"refsource": "CONFIRM",
"url": "https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1"
},
{
"name": "41996",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41996/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10073",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2016-12-27T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0908 (GCVE-0-2011-0908)
Vulnerability from cvelistv5
Published
2011-02-08 20:00
Modified
2024-09-16 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-08T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729",
"refsource": "CONFIRM",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0908",
"datePublished": "2011-02-08T20:00:00Z",
"dateReserved": "2011-02-08T00:00:00Z",
"dateUpdated": "2024-09-16T16:17:51.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0910 (GCVE-0-2011-0910)
Vulnerability from cvelistv5
Published
2011-02-08 20:00
Modified
2024-09-16 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-08T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729",
"refsource": "CONFIRM",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0910",
"datePublished": "2011-02-08T20:00:00Z",
"dateReserved": "2011-02-08T00:00:00Z",
"dateUpdated": "2024-09-16T20:42:07.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9685 (GCVE-0-2014-9685)
Vulnerability from cvelistv5
Published
2015-02-25 22:00
Modified
2024-08-06 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031822"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031822"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release"
},
{
"name": "1031822",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031822"
},
{
"name": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9685",
"datePublished": "2015-02-25T22:00:00",
"dateReserved": "2015-02-25T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8825 (GCVE-0-2020-8825)
Vulnerability from cvelistv5
Published
2020-02-10 11:14
Modified
2024-08-04 10:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hacky1997/CVE-2020-8825"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T22:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hacky1997/CVE-2020-8825"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hacky1997/CVE-2020-8825",
"refsource": "MISC",
"url": "https://github.com/hacky1997/CVE-2020-8825"
},
{
"name": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156281/Vanilla-Forum-2.6.3-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8825",
"datePublished": "2020-02-10T11:14:37",
"dateReserved": "2020-02-10T00:00:00",
"dateUpdated": "2024-08-04T10:12:10.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9889 (GCVE-0-2019-9889)
Vulnerability from cvelistv5
Published
2019-03-20 22:12
Modified
2024-08-04 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:55.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/411140"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanilla/vanilla/pull/7840"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-20T22:12:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/411140"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanilla/vanilla/pull/7840"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/411140",
"refsource": "MISC",
"url": "https://hackerone.com/reports/411140"
},
{
"name": "https://github.com/vanilla/vanilla/pull/7840",
"refsource": "MISC",
"url": "https://github.com/vanilla/vanilla/pull/7840"
},
{
"name": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22",
"refsource": "MISC",
"url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9889",
"datePublished": "2019-03-20T22:12:27",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-04T22:01:55.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0526 (GCVE-0-2011-0526)
Vulnerability from cvelistv5
Published
2011-02-08 20:00
Modified
2024-09-16 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43074"
},
{
"name": "70677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70677"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting"
},
{
"name": "[oss-security] 20110127 CVE Request:Vanilla Forums 2.0.16 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/2"
},
{
"name": "[oss-security] 20110127 Re: CVE Request:Vanilla Forums 2.0.16 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-08T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43074"
},
{
"name": "70677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70677"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting"
},
{
"name": "[oss-security] 20110127 CVE Request:Vanilla Forums 2.0.16 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/2"
},
{
"name": "[oss-security] 20110127 Re: CVE Request:Vanilla Forums 2.0.16 \u003c= Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/27/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-0526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43074"
},
{
"name": "70677",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70677"
},
{
"name": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released",
"refsource": "MISC",
"url": "http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting"
},
{
"name": "[oss-security] 20110127 CVE Request:Vanilla Forums 2.0.16 \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/27/2"
},
{
"name": "[oss-security] 20110127 Re: CVE Request:Vanilla Forums 2.0.16 \u003c= Cross Site Scripting Vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/27/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0526",
"datePublished": "2011-02-08T20:00:00Z",
"dateReserved": "2011-01-20T00:00:00Z",
"dateUpdated": "2024-09-16T18:29:14.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18903 (GCVE-0-2018-18903)
Vulnerability from cvelistv5
Published
2018-11-03 05:00
Modified
2024-08-05 11:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vanilla 2.6.x before 2.6.4 allows remote code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vanilla 2.6.x before 2.6.4 allows remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla 2.6.x before 2.6.4 allows remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html",
"refsource": "MISC",
"url": "https://srcincite.io/blog/2018/10/02/old-school-pwning-with-new-school-tricks-vanilla-forums-remote-code-execution.html"
},
{
"name": "https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4",
"refsource": "MISC",
"url": "https://github.com/vanilla/vanilla/releases/tag/Vanilla_2.6.4"
},
{
"name": "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4",
"refsource": "MISC",
"url": "https://open.vanillaforums.com/discussion/36771/security-update-vanilla-2-6-4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18903",
"datePublished": "2018-11-03T05:00:00",
"dateReserved": "2018-11-02T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17571 (GCVE-0-2018-17571)
Vulnerability from cvelistv5
Published
2018-09-28 05:00
Modified
2024-08-05 10:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vanilla before 2.6.1 allows XSS via the email field of a profile.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:10.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/361957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vanilla before 2.6.1 allows XSS via the email field of a profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-28T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/361957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla before 2.6.1 allows XSS via the email field of a profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/361957",
"refsource": "MISC",
"url": "https://hackerone.com/reports/361957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17571",
"datePublished": "2018-09-28T05:00:00",
"dateReserved": "2018-09-27T00:00:00",
"dateUpdated": "2024-08-05T10:54:10.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16410 (GCVE-0-2018-16410)
Vulnerability from cvelistv5
Published
2018-09-03 19:00
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/353784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/353784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://open.vanillaforums.com/discussion/36559",
"refsource": "MISC",
"url": "https://open.vanillaforums.com/discussion/36559"
},
{
"name": "https://hackerone.com/reports/353784",
"refsource": "MISC",
"url": "https://hackerone.com/reports/353784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16410",
"datePublished": "2018-09-03T19:00:00",
"dateReserved": "2018-09-03T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3613 (GCVE-0-2011-3613)
Vulnerability from cvelistv5
Published
2020-01-22 17:19
Modified
2024-08-06 23:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cookie theft
Summary
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vanilla | Vanilla Forums |
Version: before 2.0.17.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vanilla Forums",
"vendor": "Vanilla",
"versions": [
{
"status": "affected",
"version": "before 2.0.17.9"
}
]
}
],
"datePublic": "2011-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cookie theft",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T17:19:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vanilla Forums",
"version": {
"version_data": [
{
"version_value": "before 2.0.17.9"
}
]
}
}
]
},
"vendor_name": "Vanilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cookie theft"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/10/10/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"name": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3613",
"datePublished": "2020-01-22T17:19:54",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4954 (GCVE-0-2012-4954)
Vulnerability from cvelistv5
Published
2012-11-15 11:00
Modified
2024-08-06 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "56483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-4954",
"datePublished": "2012-11-15T11:00:00",
"dateReserved": "2012-09-17T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3812 (GCVE-0-2011-3812)
Vulnerability from cvelistv5
Published
2011-09-24 00:00
Modified
2024-09-17 00:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vanilla-2.0.16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vanilla-2.0.16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vanilla-2.0.16",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/vanilla-2.0.16"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3812",
"datePublished": "2011-09-24T00:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-17T00:45:29.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6557 (GCVE-0-2012-6557)
Vulnerability from cvelistv5
Published
2013-05-23 15:00
Modified
2024-09-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:00.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53631"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.henryhoggard.co.uk/security/183/"
},
{
"name": "18911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18911"
},
{
"name": "49207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49207"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53631"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.henryhoggard.co.uk/security/183/"
},
{
"name": "18911",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18911"
},
{
"name": "49207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49207"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, (9) AboutMe/Bio, (10) AboutMe/Inter, (11) AboutMe/Mus, (12) AboutMe/Gam, (13) AboutMe/Mov, (14) AboutMe/FTV, or (15) AboutMe/Bks parameter to the Edit My Details page. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53631"
},
{
"name": "http://www.henryhoggard.co.uk/security/183/",
"refsource": "MISC",
"url": "http://www.henryhoggard.co.uk/security/183/"
},
{
"name": "18911",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18911"
},
{
"name": "49207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49207"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6557",
"datePublished": "2013-05-23T15:00:00Z",
"dateReserved": "2013-05-23T00:00:00Z",
"dateUpdated": "2024-09-16T19:05:38.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0909 (GCVE-0-2011-0909)
Vulnerability from cvelistv5
Published
2011-02-08 20:00
Modified
2024-09-17 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-08T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729",
"refsource": "CONFIRM",
"url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0909",
"datePublished": "2011-02-08T20:00:00Z",
"dateReserved": "2011-02-08T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:23.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3614 (GCVE-0-2011-3614)
Vulnerability from cvelistv5
Published
2020-01-22 17:27
Modified
2024-08-06 23:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- incorrect access control
Summary
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vanilla | Vanilla Forums |
Version: before 2.0.17.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vanilla Forums",
"vendor": "Vanilla",
"versions": [
{
"status": "affected",
"version": "before 2.0.17.9"
}
]
}
],
"datePublic": "2011-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "incorrect access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T17:27:15",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vanilla Forums",
"version": {
"version_data": [
{
"version_value": "before 2.0.17.9"
}
]
}
}
]
},
"vendor_name": "Vanilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "incorrect access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/10/10/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/10/10/5"
},
{
"name": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3614",
"datePublished": "2020-01-22T17:27:15",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19499 (GCVE-0-2018-19499)
Vulnerability from cvelistv5
Published
2018-11-23 19:00
Modified
2024-08-05 11:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/407552"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/407552"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/407552",
"refsource": "MISC",
"url": "https://hackerone.com/reports/407552"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19499",
"datePublished": "2018-11-23T19:00:00",
"dateReserved": "2018-11-23T00:00:00",
"dateUpdated": "2024-08-05T11:37:11.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3527 (GCVE-0-2013-3527)
Vulnerability from cvelistv5
Published
2013-05-10 21:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52825"
},
{
"name": "20130405 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user \u0026 dump usertable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html"
},
{
"name": "92109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html"
},
{
"name": "20130407 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user \u0026 dump usertable",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/57"
},
{
"name": "92110",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92110"
},
{
"name": "vanillaforums-multiple-sql-injection(83289)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83289"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/"
},
{
"name": "58922",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58922"
},
{
"name": "24927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24927"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52825"
},
{
"name": "20130405 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user \u0026 dump usertable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html"
},
{
"name": "92109",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html"
},
{
"name": "20130407 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user \u0026 dump usertable",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/57"
},
{
"name": "92110",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92110"
},
{
"name": "vanillaforums-multiple-sql-injection(83289)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83289"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/"
},
{
"name": "58922",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58922"
},
{
"name": "24927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/24927"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52825"
},
{
"name": "20130405 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user \u0026 dump usertable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0068.html"
},
{
"name": "92109",
"refsource": "OSVDB",
"url": "http://osvdb.org/92109"
},
{
"name": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"name": "http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/121151/Vanilla-Forums-2.0.18.4-SQL-Injection.html"
},
{
"name": "20130407 Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user \u0026 dump usertable",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/57"
},
{
"name": "92110",
"refsource": "OSVDB",
"url": "http://osvdb.org/92110"
},
{
"name": "vanillaforums-multiple-sql-injection(83289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83289"
},
{
"name": "https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d",
"refsource": "CONFIRM",
"url": "https://github.com/vanillaforums/Garden/commit/83078591bc4d263e77d2a2ca283100997755290d"
},
{
"name": "http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/",
"refsource": "MISC",
"url": "http://mfs-enterprise.com/wordpress/2013/04/05/vanilla-forums-2-0-18-sql-injection-insert-arbitrary-user-dump-usertable/"
},
{
"name": "58922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58922"
},
{
"name": "24927",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24927"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3527",
"datePublished": "2013-05-10T21:00:00",
"dateReserved": "2013-05-10T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1009 (GCVE-0-2011-1009)
Vulnerability from cvelistv5
Published
2020-02-05 20:41
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Vanilla | Vanilla Forums |
Version: 2.0.17.1 through 2.0.17.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/22/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vanilla Forums",
"vendor": "Vanilla",
"versions": [
{
"status": "affected",
"version": "2.0.17.1 through 2.0.17.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T20:41:55",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/02/22/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vanilla Forums",
"version": {
"version_data": [
{
"version_value": "2.0.17.1 through 2.0.17.5"
}
]
}
}
]
},
"vendor_name": "Vanilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/02/22/14",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/02/22/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1009",
"datePublished": "2020-02-05T20:41:55",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3528 (GCVE-0-2013-3528)
Vulnerability from cvelistv5
Published
2013-05-10 21:00
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vanillaforums/Garden/commit/b9a10dabb15c697347bfa7baef69a6e211b2f804"
},
{
"name": "vanilla-forums-cve20133528-unspec(84167)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to \"object injection.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vanillaforums/Garden/commit/b9a10dabb15c697347bfa7baef69a6e211b2f804"
},
{
"name": "vanilla-forums-cve20133528-unspec(84167)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to \"object injection.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7",
"refsource": "CONFIRM",
"url": "http://vanillaforums.org/discussion/23339/security-update-vanilla-2-0-18-7"
},
{
"name": "https://github.com/vanillaforums/Garden/commit/b9a10dabb15c697347bfa7baef69a6e211b2f804",
"refsource": "CONFIRM",
"url": "https://github.com/vanillaforums/Garden/commit/b9a10dabb15c697347bfa7baef69a6e211b2f804"
},
{
"name": "vanilla-forums-cve20133528-unspec(84167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3528",
"datePublished": "2013-05-10T21:00:00",
"dateReserved": "2013-05-10T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}