Vulnerabilities > CVE-2002-1678 - Cross-Site Scripting vulnerability in VBulletin

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

jelsoft

NVD

Published: 2002-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.

Vulnerable Configurations

Part	Description	Count
Application	Jelsoft Jelsoft Vbulletin 2.0_Rc2 Jelsoft Vbulletin 2.0_Rc3 Jelsoft Vbulletin 2.2.0 Jelsoft Vbulletin 2.2.1 Jelsoft Vbulletin 2.2.2 Jelsoft Vbulletin 2.2.3 Jelsoft Vbulletin 2.2.4	7

References

http://online.securityfocus.com/archive/1/263609
http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2
http://www.securityfocus.com/bid/4349
https://exchange.xforce.ibmcloud.com/vulnerabilities/8619