CVE-2002-1678 — Cross-site Scripting in Vbulletin

2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 36.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jelsoft Vbulletin

Timeline

PublishedDec 31

Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDjelsoft/vbulletin7 versions+6

🔴Vulnerability Details

GHSA

GHSA-8x7g-mp2w-xqjf: Cross-site scripting (XSS) vulnerability in memberlist↗2022-04-30

▶