Vanilla

reports in last 90 days
34 disclosed resolved issues
0 disclosed informative issues
0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Time to triage | Time to close | Report Status |
|---|---|---|---|---|---|---|
| High | xss reflected in littleguy.vanillastaging.com | Cross-site Scripting (XSS) - Reflected | black_b | 0 days, 4 hours | 73 days, 18 hours | Resolved |
| Medium | Stored XSS in embedded posts containing images | Cross-site Scripting (XSS) - Stored | klmunday | 0 days, 22 hours | 65 days, 0 hours | Resolved |
| High | Stored XSS in Profile Comments | Cross-site Scripting (XSS) - Stored | klmunday | 1 day, 7 hours | 65 days, 6 hours | Resolved |
| High | Unsanitized user photo paths allow local file read | Business Logic Errors | alb3r7 | 40 days, 8 hours | 100 days, 0 hours | Resolved |
| Medium | Hidden Stored XSS in nested post embeds | Cross-site Scripting (XSS) - Stored | klmunday | 0 days, 19 hours | 64 days, 23 hours | Resolved |
| High | Stored XSS in Rich editor via Embed datetime | Cross-site Scripting (XSS) - Stored | klmunday | 1 day, 10 hours | 65 days, 4 hours | Resolved |
| High | Stored XSS in vanilla | Cross-site Scripting (XSS) - Stored | alb3r7 | 11 days, 6 hours | 106 days, 4 hours | Resolved |
| High | Vanilla Forums Xenforo password splitHash Unserialize Remote Code Execution Vulnerability | Deserialization of Untrusted Data | mr_me | 1 day, 17 hours | 11 days, 23 hours | Resolved |
| Critical | Vanilla SQL Injection Vulnerability | SQL Injection | balis0ng | 2 days, 6 hours | 3 days, 4 hours | Resolved |
| Critical | Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability | Deserialization of Untrusted Data | mr_me | 4 days, 21 hours | 10 days, 3 hours | Resolved |
| Critical | Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical) | Deserialization of Untrusted Data | mr_me | 2 days, 14 hours | 3 days, 9 hours | Resolved |
| Critical | A SQL injection vulnerability in Vanilla | SQL Injection | balis0ng | 1 day, 10 hours | 116 days, 9 hours | Resolved |
| Critical | Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability | Deserialization of Untrusted Data | mr_me | 1 day, 10 hours | 6 days, 7 hours | Resolved |
| High | FileUpload Plugin: CSRF (delete all attached files) | Cross-Site Request Forgery (CSRF) | foobar7 | 1 day, 10 hours | 236 days, 5 hours | Resolved |
| High | Persistent XSS via Signatures | Cross-site Scripting (XSS) - Stored | foobar7 | 0 days, 2 hours | 138 days, 11 hours | Resolved |
| High | jsConnect Plugin: Takeover of existing account | Improper Authentication - Generic | foobar7 | 4 days, 3 hours | 51 days, 0 hours | Resolved |
| High | Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability | Path Traversal | mr_me | 3 days, 21 hours | 141 days, 9 hours | Resolved |
| Medium | Bypassing the Trusted Link Alert System | UI Redressing (Clickjacking) | pipe-to-grep | 6 days, 1 hour | 285 days, 6 hours | Resolved |
| High | XSS: Group search terms | Cross-site Scripting (XSS) - DOM | jameelnabbo | 6 days, 10 hours | 66 days, 8 hours | Resolved |
| High | Stored XSS in vanilla | Cross-site Scripting (XSS) - Stored | alb3r7 | 4 days, 7 hours | 20 days, 5 hours | Resolved |
| Low | [allhiphop.vanillacommunities.com] XSS Request-URI | Cross-site Scripting (XSS) - Reflected | bobrov | 2 days, 8 hours | 58 days, 6 hours | Resolved |