vanillaforums CVE Vulnerabilities & CVE List (25)

Products (CPE): — CVEs: 25

vanillaforums vulnerability overview

Aggregates CVE and security vulnerability intelligence across all vanillaforums-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.

Vulnerability distribution trend (last 24 months)

Showing 2125 of 25 CVEs
«« First « Prev Page 2 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2011-3812 Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. [email protected] 5.0 1.23% 2011-09-23 2026-06-16
CVE-2011-0910 The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks. [email protected] 6.4 1.05% 2011-02-08 2026-06-16
CVE-2011-0909 Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526. [email protected] 4.3 0.85% 2011-02-08 2026-06-16
CVE-2011-0908 Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526. [email protected] 5.8 0.96% 2011-02-08 2026-06-16
CVE-2011-0526 Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action. [email protected] 4.3 1.27% 2011-02-08 2026-06-16
«« First « Prev Page 2 / 2 Next »
cvelogic Threat Intelligence