Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1040Cross-site Scripting in Vbulletin

4 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 23.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Jelsoft Vbulletin
Timeline
PublishedMar 7
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDjelsoft/vbulletin3.0.12, 3.5.3+1

Patches

Patch: www.kapda.irPatch: www.kapda.ir

🔴Vulnerability Details

1
GHSA
GHSA-pc29-8m58-jr7r: Cross-site scripting (XSS) vulnerability in vBulletin 32022-05-01

💥Exploits & PoCs

2
Exploit-DB
RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)2006-03-28
Exploit-DB
vBulletin 3.0/3.5 - 'profile.php?Email' HTML Injection2006-03-02