Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=112715150320677&w=2 | |
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2005-09-21 22:03
Updated : 2024-02-28 10:42
NVD link : CVE-2005-3023
Mitre link : CVE-2005-3023
CVE.ORG link : CVE-2005-3023
JSON object : View
Products Affected
jelsoft
- vbulletin
CWE