Search Results (Refine Search)
- CPE Product Version: cpe:/a:vbulletin:vbulletin:4.4.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-39777 |
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. Published: September 15, 2023; 9:15:08 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2019-17271 |
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Published: October 08, 2019; 9:15:15 AM -0400 |
V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-17132 |
vBulletin through 5.5.4 mishandles custom avatars. Published: October 04, 2019; 8:15:11 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2019-17131 |
vBulletin before 5.5.4 allows clickjacking. Published: October 04, 2019; 8:15:11 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17130 |
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. Published: October 04, 2019; 8:15:11 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2017-7569 |
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. Published: April 06, 2017; 1:59:00 PM -0400 |
V3.0: 8.6 HIGH V2.0: 5.0 MEDIUM |