WEB APPLICATION VULNERABILITIES Standard & Premium

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)

Description

Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.

Remediation

References

Related Vulnerabilities

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.2.2)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2016-7124)

WordPress Plugin BuddyPress Customer.io Analytics Integration Cross-Site Request Forgery (1.1.6)

WordPress Plugin Feedweb Cross-Site Scripting (1.8.8)

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.06)

Severity

Medium

Classification

CVE-2019-8279 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities