Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3253: Cross-site Scripting in vBulletin

3 documents, 3 sources
Severity: 2.6 LOW (NVD)
EPSS: 7.5% (top 8.21%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jun 28
Latest update: May 1

Description

Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."

CVSS vector

AV:N/AC:H/C:N/I:P/A:N
Exploitability: 4.9 | Impact: 2.9

Affected Packages (1 package)

NVD: jelsoft/vbulletin, 11 versions (+10)

🔴 Vulnerability Details (1)

GHSA: GHSA-3q76-8594-629m: ** DISPUTED ** Cross-site scripting (XSS) vulnerability in member (2022-05-01)

💥 Exploits & PoCs (1)

Exploit-DB: vBulletin 3.0.9/3.5.x - 'member.php' Cross-Site Scripting (2006-06-20)