Search Results (Refine Search)
- CPE Product Version: cpe:/a:vbulletin:vbulletin:3.8.11
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-39777 |
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. Published: September 15, 2023; 9:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2019-17271 |
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Published: October 08, 2019; 9:15:15 AM -0400 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-17132 |
vBulletin through 5.5.4 mishandles custom avatars. Published: October 04, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2019-17131 |
vBulletin before 5.5.4 allows clickjacking. Published: October 04, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17130 |
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. Published: October 04, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2018-6200 |
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. Published: January 24, 2018; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2014-9463 |
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. Published: September 15, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2017-7569 |
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. Published: April 06, 2017; 1:59:00 PM -0400 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6195 |
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. Published: August 30, 2016; 3:59:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-2021 |
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name. Published: October 24, 2014; 8:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-2022 |
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. Published: October 15, 2014; 10:55:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2011-5251 |
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. Published: December 31, 2012; 3:55:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |