NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Keyword (text search): cpe:2.3:a:vbulletin:vbulletin:4.4.2:*:*:*:*:*:*:*
CPE Name Search: true

There are 7 matching records.

Displaying matches 1 through 7.

Vuln ID	Summary	CVSS Severity
CVE-2023-39777	A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. Published: September 15, 2023; 9:15:08 PM -0400	V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2019-17271	vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Published: October 08, 2019; 9:15:15 AM -0400	V4.0:(not available) V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM
CVE-2019-17132	vBulletin through 5.5.4 mishandles custom avatars. Published: October 04, 2019; 8:15:11 AM -0400	V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM
CVE-2019-17131	vBulletin before 5.5.4 allows clickjacking. Published: October 04, 2019; 8:15:11 AM -0400	V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM
CVE-2019-17130	vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. Published: October 04, 2019; 8:15:11 AM -0400	V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM
CVE-2017-7569	In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. Published: April 06, 2017; 1:59:00 PM -0400	V4.0:(not available) V3.0: 8.6 HIGH V2.0: 5.0 MEDIUM
CVE-2010-1077	Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. Published: March 23, 2010; 3:30:00 PM -0400	V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM