Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0295 — Cross-site Scripting in Vbulletin

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 28.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jelsoft Vbulletin

Timeline

PublishedJun 16

Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin3.0.0_beta_2

🔴Vulnerability Details

GHSA

GHSA-hhwm-qmrw-45w2: Cross-site scripting (XSS) vulnerability in private↗2022-04-29

▶

💥Exploits & PoCs

Exploit-DB

vBulletin 3.0 - Private Message HTML Injection↗2003-05-14

▶