CVE-2010-4264

It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.

Date published : 2021-06-22

https://github.com/vanilla/vanilla/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece

https://seclists.org/oss-sec/2010/q4/282