##########################################################
# GulfTech Security Research             August 19, 2008
##########################################################
# Vendor  : Mark O'Sullivan
# URL     : http://www.getvanilla.com/
# Version : Vanilla <= 1.1.4
# Risk    : Multiple Vulnerabilities
##########################################################


Description:
Vanilla is an open-source, standards-compliant, multi-lingual, fully
extensible web-based discussion forum. Unfortunately there are a couple
of issues within Vanilla that allow a malicious user to steal
client-based credentials such as cookies. These issues include both
script injection and cross site scripting. An updated version of
Vanilla has been released and users should upgrade their Vanilla
installation as soon as possible.


Cross Site Scripting:
There is a Cross Site Scripting issue in Vanilla that allows for the
theft of client-side credentials such as cookies. An example can be
found in people.php. This issue is a result of unsanitized GPC
variables being displayed to the end user.

/people.php?PostBackAction=Apply&NewPassword='">
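
The flaw class described above (a GPC value displayed without encoding), shown beside its hardened form. This is an added illustration, not code from Vanilla or from the advisory; it assumes the reflected value lands inside a quoted HTML attribute, and the names h, render_field_unsafe and render_field_safe are hypothetical.

```php
<?php
// Added example. Hypothetical renderer, not Vanilla's own code.

// Encode at output time for the HTML context the value lands in.
// ENT_QUOTES encodes both ' and "; older PHP defaults left ' untouched.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern the advisory describes: a GPC value displayed unsanitized.
function render_field_unsafe(string $name, array $request): string
{
    $value = $request[$name] ?? '';
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Hardened form: type-check the parameter, then encode every dynamic part.
function render_field_safe(string $name, array $request): string
{
    $value = $request[$name] ?? '';
    if (!is_string($value)) {
        $value = ''; // array-valued parameters (NewPassword[]=x) are dropped
    }
    return '<input type="text" name="' . h($name) . '" value="' . h($value) . '" />';
}

// Constructed input: the quote and bracket prefix from the advisory's
// example URL followed by inert text.
$request = ['NewPassword' => '\'">test'];

echo render_field_unsafe('NewPassword', $request), "\n";
echo render_field_safe('NewPassword', $request), "\n";
```

In the first line of output the quotes close the value attribute early; in the second they arrive as character references and stay inside it. A password parameter has no reason to be written back into the response at all, so not echoing it removes the sink entirely.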