CVE-2005-4621 — Cross-site Scripting in Vbulletin

2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 42.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jelsoft Vbulletin

Timeline

PublishedDec 31

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDjelsoft/vbulletin38 versions+37

Patches

Patch: www.vbulletin.com ↗Patch: www.vbulletin.com ↗

🔴Vulnerability Details

GHSA

GHSA-353p-pq7h-22q6: Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3↗2022-05-01

▶