Vulnerabilities > Jelsoft > Vbulletin > Low

DATE CVE VULNERABILITY TITLE RISK
2007-05-30 CVE-2007-2909 Cross-Site Scripting vulnerability in vBulletin
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
network
jelsoft
3.5
2005-09-21 CVE-2005-3021 File-Upload vulnerability in vBulletin
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.
local
low complexity
jelsoft
2.1