Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=112715150320677&w=2 | |
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt | Exploit Vendor Advisory |
http://marc.info/?l=bugtraq&m=112715150320677&w=2 | |
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=112715150320677&w=2 - | |
References | () http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt - Exploit, Vendor Advisory |
Information
Published : 2005-09-21 22:03
Updated : 2024-11-21 00:00
NVD link : CVE-2005-3023
Mitre link : CVE-2005-3023
CVE.ORG link : CVE-2005-3023
JSON object : View
Products Affected
jelsoft
- vbulletin
CWE