CVE-2006-6040
Published 2006-11-22
Priority P4 · 24 · medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.23% (80.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
| jelsoft | vbulletin | — | — |
VulDB
Jelsoft vBulletin 3.6.0/3.6.1/3.6.2/3.6.3 navprefs cross site scripting (XFDB-30408 / BID-21157)
vuldb·2026-04-28·CVSS 6.8
CVE-2006-6040 [MEDIUM] Jelsoft vBulletin 3.6.0/3.6.1/3.6.2/3.6.3 navprefs cross site scripting (XFDB-30408 / BID-21157)
A vulnerability, which was classified as problematic, has been found in Jelsoft vBulletin 3.6.0/3.6.1/3.6.2/3.6.3. This vulnerability affects unknown code. The manipulation of the argument navprefs leads to basic cross site scripting.
This vulnerability is uniquely identified as CVE-2006-6040. The attack is possible to be carried out remotely. Moreover, an exploit is present.
GHSA
GHSA-ppmj-f697-j88m: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-0830 [MEDIUM] CWE-79 GHSA-ppmj-f697-j88m: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040.
GHSA
GHSA-6cp2-ffpr-7c6w: Multiple cross-site scripting (XSS) vulnerabilities in admincp/index
ghsa_unreviewed·2022-05-01
CVE-2006-6040 [MEDIUM] GHSA-6cp2-ffpr-7c6w: Multiple cross-site scripting (XSS) vulnerabilities in admincp/index
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/23011
http://securityreason.com/securityalert/1903
http://www.securityfocus.com/archive/1/451959/100/0/threaded
http://www.securityfocus.com/bid/21157
http://www.vbulletin.com/forum/showthread.php?postid=1256434
http://www.vupen.com/english/advisories/2006/4599
https://exchange.xforce.ibmcloud.com/vulnerabilities/30408