Description

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items).

Remediation

References

CVE-2018-15833

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3325)

WordPress Plugin Improved Product Options for WooCommerce Security Bypass (5.2.0)

WebLogic CVE-2020-13956 Vulnerability (CVE-2020-13956)

WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.61)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22888)

Severity

Medium

Classification

CVE-2018-15833 CWE-639 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities