Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6779 — Cross-site Scripting in Vbulletin

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 22.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jelsoft Vbulletin

Timeline

PublishedDec 28

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin8 versions+7

🔴Vulnerability Details

GHSA

GHSA-f6vj-hj74-6gr6: Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

vBulletin 3.5.x/3.6.x - SWF Script Injection↗2006-12-25

▶