Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3020Cross-site Scripting in Vbulletin

8 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Jelsoft Vbulletin
Timeline
PublishedSep 21
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDjelsoft/vbulletin35 versions+34

Patches

Patch: morph3us.orgPatch: secunia.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-4hrh-vvjg-rgq7: Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 32022-05-01

💥Exploits & PoCs

6
Exploit-DB
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/template.php' Multiple Cross-Site Scripting Vulnerabilities2005-09-19
Exploit-DB
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php?orderby' Cross-Site Scripting2005-09-19
Exploit-DB
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php?email' Cross-Site Scripting2005-09-19
Exploit-DB
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php?goto' Cross-Site Scripting2005-09-19
Exploit-DB
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/index.php' Multiple Cross-Site Scripting Vulnerabilities2005-09-19