Arbitrary Script Injection in LatestComment Plugin for Vanilla Forums

Arbitrary Script Injection in LatestComment Plugin for Vanilla Forums

CVE-2012-6555 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.

Learn more about our Web App Pen Testing.