Stored Cross-Site Scripting in Vanilla Forums by Vanilla Forums
CVE-2019-8279

5.4MEDIUM

Key Information:

Vendor: Kaspersky
Status: Vanilla Forums
Vendor: CVE Published:; 2 March 2019

What is CVE-2019-8279?

In Vanilla Forums software prior to version 2.5, a vulnerability exists that enables remote attackers to inject arbitrary JavaScript code into any forum message. This flaw allows the execution of malicious scripts by any user viewing the affected messages, potentially leading to unauthorized access or further compromise of user accounts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vanilla Forums Before 2.5

References

https://scriptinjection.blogspot.com/2019/02/vanilla-foru...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 2, 2019
Vulnerability Reserved
Feb 12, 2019

JSON

Kaspersky