Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.
Software | From | Fixed in |
---|---|---|
lussumo / vanilla | - | 1.1.4.x |
lussumo / vanilla | 0.9.2 | 0.9.2.x |
lussumo / vanilla | 1 | 1.x |
lussumo / vanilla | 1.0.1 | 1.0.1.x |
lussumo / vanilla | 1.0.2 | 1.0.2.x |
lussumo / vanilla | 1.0.3 | 1.0.3.x |
lussumo / vanilla | 1.1 | 1.1.x |
lussumo / vanilla | 1.1.1 | 1.1.1.x |
lussumo / vanilla | 1.1.2 | 1.1.2.x |
lussumo / vanilla | 1.1.3 | 1.1.3.x |