CVE-2005-3023Cross-site Scripting in Vbulletin

2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 42.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jelsoft Vbulletin
Timeline
PublishedSep 21
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDjelsoft/vbulletin35 versions+34

🔴Vulnerability Details

1
GHSA
GHSA-wpc7-qhwq-ppp4: Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 32022-05-01