Timvanilla Staff

**Name of the Vulnerable Software and Affected Versions** Vanilla Forums versions prior to 2.0.17.6 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `Target` parameter. This can be exploited to trick users into revealing sensitive information. **Recommendations** For versions prior to 2.0.17.6, update to version 2.0.17.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the component that utilizes the `Target` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vanilla Forums versions prior to 2.0.17.6 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `p` parameter to an unspecified component. **Recommendations** For versions prior to 2.0.17.6, update to version 2.0.17.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Vanilla Forums versions prior to 2.0.17.6 **Description** The issue makes it easier for remote attackers to spoof signed requests and obtain access to arbitrary user accounts via HMAC timing attacks. This allows attackers to potentially gain unauthorized access to user accounts. **Recommendations** For versions prior to 2.0.17.6, update to version 2.0.17.6 or later to resolve the issue.