CVE-2010-4264 — CVSS 6.1 (medium): It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute…
CVE-2019-8279 — CVSS 5.4 (medium): Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
CVE-2014-9685 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to…
CVE-2018-15833 — CVSS 4.3 (medium): In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability…
CVE-2012-4954 — CVSS 3.5 (low): The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing…