Description
Vanilla before 2.6.1 allows XSS via the email field of a profile.
Remediation
References
Related Vulnerabilities
Vanilla Forums Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4954)
MyBB CVE-2015-2786 Vulnerability (CVE-2015-2786)
UAParser.js Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-4229)
WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7)