CVE-2007-2909
published 2007-05-30CVE-2007-2909: Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML…
PriorityP412low3.5CVSS 2.0
AVNACMAuSCNIPAN
EPSS
0.69%
48.1th percentile
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jelsoft | vbulletin | <= 3.6.6 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rxjp-7p4j-7mmw: Cross-site scripting (XSS) vulnerability in calendar
ghsa_unreviewed·2022-05-01
CVE-2007-2909 [LOW] GHSA-rxjp-7p4j-7mmw: Cross-site scripting (XSS) vulnerability in calendar
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
GHSA
GHSA-7f94-825q-j49j: Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3
ghsa_unreviewed·2022-05-01·CVSS 3.5
CVE-2007-2910 [LOW] CWE-79 GHSA-7f94-825q-j49j: Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2007-05-30
Published