Spoofing the redirect process using RTLO | Violation of Secure Design Principles | flex0geek | Medium | 2020-06-29
Making further registrations difficult on Vanilla forum | Denial of Service | krishnaverma | Medium | 2020-06-11
disclosure of email by sending a message. | None supplied | haxta4ok00 | Medium | 2020-05-04
XSS through chat messages | None supplied | vivek111 | High | 2020-04-02
Conversation API Leaks Details Of UnAuthorized Conversations | Improper Access Control - Generic | mindingdata | Medium | 2020-03-25
XSS For Profile Name | Cross-site Scripting (XSS) - Stored | mindingdata | High | 2020-03-25
Abusing "Report as abuse" functionality to delete any user's post. | Business Logic Errors | h1_squirtle | High | 2020-01-18
Web cache deception attack on https://open.vanillaforums.com/messages/all | Information Disclosure | ronr | Medium | 2019-12-01
Stored XSS in vanilla | Cross-site Scripting (XSS) - Stored | alb3r7 | High | 2019-07-13
Stored XSS in vanilla | Cross-site Scripting (XSS) - Stored | alb3r7 | High | 2019-05-24
XSS: Group search terms | Cross-site Scripting (XSS) - DOM | jameelnabbo | High | 2019-05-01
Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability | Path Traversal | mr_me | High | 2019-03-13
A SQL injection vulnerability in Vanilla | SQL Injection | balis0ng | Critical | 2018-10-25
Unsanitized input in email field | Cross-site Scripting (XSS) - Stored | mr_r0w07 | High | 2018-09-27
Vanilla SQL Injection Vulnerability | SQL Injection | balis0ng | Critical | 2018-08-17
Able to Select Every Poll Option[http://tedwebers-famous-loudspeakers.vanillacommunities.com] | Privilege Escalation | tikoo_sahil | Medium | 2018-08-08
Overwrite Drafts of Everyone | Improper Access Control - Generic | geekboy | Medium | 2018-07-23
Accessing Private Files Shared in message of other users | Improper Access Control - Generic | geekboy | Medium | 2018-07-23
A user can comment in private discussions without having permission to access the discussion | Business Logic Errors | samux | Medium | 2018-06-22
Forum Users Information Disclosure | Information Disclosure | fiona | High | 2018-06-16
A user can create an event in a group without being in it http://littleguy.vanillastaging.com/ | None supplied | samux | Medium | 2018-06-14