Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Bugtraq report of Vanilla 1.0.1 security vulnerability



  • Options
    It is now showing as disputed on several of the other sites that reported this. Here is another message on the erroneus report:
  • Options
    They say it is now 'Retired'.
    Further information reports that this issue cannot be exploited because the vulnerable parameter is defined with a hard-coded value. Therefore this BID is being retired.
    I guess someone finally listened.
  • Options
    TreyTrey Charlotte NC New
    someone at the site listened, but what about the <a href=""></a>? Theres gotta be a way to report that the 'error' noted there was falsely presented, and should be taken down.
This discussion has been closed.