Vanilla


21 total issues disclosed

$6,150 total paid publicly


Most disclosed (4 disclosures) — Cross-site Scripting (XSS) - Stored




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Spoofing the redirect process using RTLO | Violation of Secure Design Principles | flex0geek | Medium | 2020-06-29 |
| Making further registrations difficult on Vanilla forum | Denial of Service | krishnaverma | Medium | 2020-06-11 |
| disclosure of email by sending a message. | None supplied | haxta4ok00 | Medium | 2020-05-04 |
| XSS through chat messages | None supplied | vivek111 | High | 2020-04-02 |
| Conversation API Leaks Details Of UnAuthorized Conversations | Improper Access Control - Generic | mindingdata | Medium | 2020-03-25 |
| XSS For Profile Name | Cross-site Scripting (XSS) - Stored | mindingdata | High | 2020-03-25 |
| Abusing "Report as abuse" functionality to delete any user's post. | Business Logic Errors | h1_squirtle | High | 2020-01-18 |
| Web cache deception attack on https://open.vanillaforums.com/messages/all | Information Disclosure | ronr | Medium | 2019-12-01 |
| Stored XSS in vanilla | Cross-site Scripting (XSS) - Stored | alb3r7 | High | 2019-07-13 |
| Stored XSS in vanilla | Cross-site Scripting (XSS) - Stored | alb3r7 | High | 2019-05-24 |
| XSS: Group search terms | Cross-site Scripting (XSS) - DOM | jameelnabbo | High | 2019-05-01 |
| Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability | Path Traversal | mr_me | High | 2019-03-13 |
| A SQL injection vulnerability in Vanilla | SQL Injection | balis0ng | Critical | 2018-10-25 |
| Unsanitized input in email field | Cross-site Scripting (XSS) - Stored | mr_r0w07 | High | 2018-09-27 |
| Vanilla SQL Injection Vulnerability | SQL Injection | balis0ng | Critical | 2018-08-17 |
| Able to Select Every Poll Option[http://tedwebers-famous-loudspeakers.vanillacommunities.com] | Privilege Escalation | tikoo_sahil | Medium | 2018-08-08 |
| Overwrite Drafts of Everyone | Improper Access Control - Generic | geekboy | Medium | 2018-07-23 |
| Accessing Private Files Shared in message of other users | Improper Access Control - Generic | geekboy | Medium | 2018-07-23 |
| A user can comment in private discussions without having permission to access the discussion | Business Logic Errors | samux | Medium | 2018-06-22 |
| Forum Users Information Disclosure | Information Disclosure | fiona | High | 2018-06-16 |
| A user can create an event in a group without being in it http://littleguy.vanillastaging.com/ | None supplied | samux | Medium | 2018-06-14 |