cbcvebase.

Jelsoft Vbulletin vulnerabilities

51 known vulnerabilities affecting jelsoft/vbulletin.

Total CVEs
51
CISA KEV
0
Public exploits
22
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH14MEDIUM32LOW4

Vulnerabilities

Page 3 of 3
CVE-2002-1678P4MEDIUMCVSS 4.3v2.0_rc2v2.0_rc3+5 more2002-12-31
CVE-2002-1678 [MEDIUM] CVE-2002-1678: Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2 Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
nvd
CVE-2005-3025P4MEDIUMCVSS 4.3v1.0.1v2.0.3+31 more2005-09-21
CVE-2005-3025 [MEDIUM] CVE-2005-3025: Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote atta Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
nvd
CVE-2007-2910P4MEDIUMCVSS 4.3≤ 3.6.62007-05-30
CVE-2007-2910 [MEDIUM] CVE-2007-2910: Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attacke Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.
nvd
CVE-2005-4621P4MEDIUMCVSS 4.3v1.0.1v2.0.3+36 more2005-12-31
CVE-2005-4621 [MEDIUM] CVE-2005-4621: Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote att Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.
nvd
CVE-2007-1342P4MEDIUMCVSS 4.3≤ 3.6.52007-03-08
CVE-2007-1342 [MEDIUM] CVE-2007-1342: Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
nvd
CVE-2007-4453P4MEDIUMCVSS 4.3v3.6.82007-08-21
CVE-2007-4453 [MEDIUM] CVE-2007-4453: Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inj Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php.
nvd
CVE-2007-0869P4MEDIUMCVSS 4.3v3.6.42007-02-09
CVE-2007-0869 [MEDIUM] CVE-2007-0869: Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelso Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. NOTE: this might be a duplicate of CVE-2007-0830.5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party
nvd
CVE-2004-0091P4MEDIUMCVSS 4.3v3.0_beta_22004-02-17
CVE-2004-0091 [MEDIUM] CVE-2004-0091: NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in regis NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_s
nvd
CVE-2002-1679P4MEDIUMCVSS 4.3v2.2.02002-12-31
CVE-2002-1679 [MEDIUM] CVE-2002-1679: Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execu Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
nvd
CVE-2007-2909P4LOWCVSS 3.5≤ 3.6.62007-05-30
CVE-2007-2909 [LOW] CVE-2007-2909: Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 all Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
nvd
CVE-2007-0830P4LOWCVSS 3.5v3.6.42007-02-07
CVE-2007-0830 [LOW] CWE-79 CVE-2007-0830: Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Ca
nvd
Jelsoft Vbulletin vulnerabilities | cvebase