← Back

Vanillaforums

vanillaforums

25 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Vanilla
vanilla
19 CVEs
Vanilla Forums
vanilla_forums
7 CVEs
Latestcomment
latestcomment
1 CVE

CVEs (25)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2011-3812
1Vanillaforums
1Vanilla
Apr 29, 2026
Sep 24, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and cer...Show more
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.Show less
CVE-2011-0910
1Vanillaforums
1Vanilla
Apr 29, 2026
Feb 8, 2011
N/A· v4
N/A· v3
6.4 MEDIUM· v2
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
CVE-2011-0909
1Vanillaforums
1Vanilla
Apr 29, 2026
Feb 8, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CV...Show more
Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.Show less
CVE-2011-0908
1Vanillaforums
1Vanilla
Apr 29, 2026
Feb 8, 2011
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a...Show more
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.Show less
CVE-2011-0526
1Vanillaforums
1Vanilla
Apr 29, 2026
Feb 8, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.