Vulnerabilities > CVE-2002-2235 - Numeric Errors vulnerability in Jelsoft Vbulletin

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jelsoft

CWE-189

exploit available

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.

Vulnerable Configurations

Part	Description	Count
Application	Jelsoft Jelsoft Vbulletin 2.0 Jelsoft Vbulletin 2.0.1 Jelsoft Vbulletin 2.0.2 Jelsoft Vbulletin 2.2.0 Jelsoft Vbulletin 2.2.1 Jelsoft Vbulletin 2.2.2 Jelsoft Vbulletin 2.2.3 Jelsoft Vbulletin 2.2.4 Jelsoft Vbulletin 2.2.5 Jelsoft Vbulletin 2.2.6 Jelsoft Vbulletin 2.2.7 Jelsoft Vbulletin 2.2.8 Jelsoft Vbulletin 2.2.9 Jelsoft Vbulletin 2.2.9_Can	14

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	VBulletin 2.0.x/2.2.x members2.php Cross Site Scripting Vulnerability. CVE-2002-2235. Webapps exploit for php platform
id	EDB-ID:22042
last seen	2016-02-02
modified	2002-11-25
published	2002-11-25
reporter	Sp.IC
source	https://www.exploit-db.com/download/22042/
title	VBulletin 2.0.x/2.2.x members2.php Cross-Site Scripting Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References