Description

Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.

Remediation

References

CVE-2011-0909

Related Vulnerabilities

WordPress Plugin WP Import Export Information Disclosure (3.9.15)

WordPress Plugin Nextend Facebook Connect Unspecified Vulnerability (1.5.7)

Oracle JRE CVE-2013-5849 Vulnerability (CVE-2013-5849)

WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)

Drupal Core 8.7.x Security Bypass (8.7.0 - 8.7.10)

Severity

Medium

Classification

CVE-2011-0909 CWE-707

Tags

Missing Update Known Vulnerabilities