CVE-2006-1040 - HTML Injection vulnerability in Jelsoft Vbulletin 3.0.12/3.5.3
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php. This vulnerability affects all versions of Jelsoft vBulletin between 3.0.12 and 3.5.3.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | VBulletin 3.0/3.5 Profile.PHP Email Field HTML Injection Vulnerability. CVE-2006-1040. Webapps exploit for php platform |
id | EDB-ID:27343 |
last seen | 2016-02-03 |
modified | 2006-03-02 |
published | 2006-03-02 |
reporter | imei |
source | https://www.exploit-db.com/download/27343/ |
title | VBulletin 3.0/3.5 Profile.PHP Email Field HTML Injection Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | VBULLETIN_354.NASL |
description | According to its banner, the version of vBulletin installed on the remote host does not properly sanitize user-supplied-input to the email field in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20992 |
published | 2006-03-03 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20992 |
title | vBulletin Email Field XSS |
References
- http://secunia.com/advisories/19100
- http://www.kapda.ir/advisory-266.html
- http://www.osvdb.org/23614
- http://www.securityfocus.com/archive/1/426537/100/0/threaded
- http://www.securityfocus.com/archive/1/426589/100/0/threaded
- http://www.securityfocus.com/bid/16919
- http://www.vbulletin.com/forum/showthread.php?postid=1079030
- http://www.vupen.com/english/advisories/2006/0808