Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4273 — Cross-site Scripting in Vbulletin

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 27.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jelsoft Vbulletin

Timeline

PublishedAug 21

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin3.5.4, 3.6.0+1

🔴Vulnerability Details

GHSA

GHSA-j5x7-w5xg-qp8r: Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

vBulletin 3.0.14 - 'global.php' Encoded Cross-Site Scripting↗2006-08-05

▶