Vulnerabilities > Vbulletin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-16 | CVE-2023-39777 | Cross-site Scripting vulnerability in Vbulletin A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. | 5.4 |
2023-02-03 | CVE-2023-25135 | Deserialization of Untrusted Data vulnerability in Vbulletin 5.6.7/5.6.8/5.6.9 vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. | 9.8 |
2020-10-30 | CVE-2020-7373 | Code Injection vulnerability in Vbulletin vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | 9.8 |
2020-09-03 | CVE-2020-25124 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. | 4.8 |
2020-09-03 | CVE-2020-25123 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. | 4.8 |
2020-09-03 | CVE-2020-25122 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. | 4.8 |
2020-09-03 | CVE-2020-25121 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. | 4.8 |
2020-09-03 | CVE-2020-25120 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. | 4.8 |
2020-09-03 | CVE-2020-25119 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. | 4.8 |
2020-09-03 | CVE-2020-25118 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. | 4.8 |