CVE-2011-0526
published 2011-02-08CVE-2011-0526: Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.27%
66.2th percentile
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vanillaforums | vanilla | <= 2.0.17.5 | — |
| vanillaforums | vanilla | <= 2.0.16 | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
| vanillaforums | vanilla | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7pcp-2xch-fv67: Open redirect vulnerability in Vanilla Forums before 2
ghsa_unreviewed·2022-05-13·CVSS 4.3
CVE-2011-0908 [MEDIUM] CWE-20 GHSA-7pcp-2xch-fv67: Open redirect vulnerability in Vanilla Forums before 2
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
GHSA
GHSA-44vx-q8jj-wcwm: Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2
ghsa_unreviewed·2022-05-13·CVSS 4.3
CVE-2011-0909 [MEDIUM] CWE-79 GHSA-44vx-q8jj-wcwm: Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2
Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
GHSA
GHSA-9j5v-64p9-chpf: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-13
CVE-2011-0526 [MEDIUM] CWE-79 GHSA-9j5v-64p9-chpf: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
No detection rules found.
No writeups or analysis indexed.
http://openwall.com/lists/oss-security/2011/01/27/2http://openwall.com/lists/oss-security/2011/01/27/5http://secunia.com/advisories/43074http://www.osvdb.org/70677http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-releasedhttp://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scriptinghttp://openwall.com/lists/oss-security/2011/01/27/2http://openwall.com/lists/oss-security/2011/01/27/5http://secunia.com/advisories/43074http://www.osvdb.org/70677http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-releasedhttp://yehg.net/lab/pr0js/advisories/%5Bvanilla_forums-2.0.16%5D_cross_site_scripting
2011-02-08
Published