Moderate

CVE-2002-1678 - Unspecified vulnerability in Jelsoft Vbulletin

Publication: 2002-12-31
Summary

Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.

Risk level (CVSS 4.3)

Moderate

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Jelsoft Vbulletin 2.0_rc2
  • Jelsoft Vbulletin 2.0_rc3
  • Jelsoft Vbulletin 2.2.0
  • Jelsoft Vbulletin 2.2.1
  • Jelsoft Vbulletin 2.2.2
  • Jelsoft Vbulletin 2.2.3
  • Jelsoft Vbulletin 2.2.4