Vulnerabilities > Vbulletin

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-09-03 | CVE-2020-25117 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 | The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. | network, low complexity, vbulletin, CWE-79, 4.8 |
| 2020-09-03 | CVE-2020-25116 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 | The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. | network, low complexity, vbulletin, CWE-79, 4.8 |
| 2020-09-03 | CVE-2020-25115 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 | The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. | network, low complexity, vbulletin, CWE-79, 4.8 |
| 2020-08-12 | CVE-2020-17496 | Injection vulnerability in Vbulletin | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | network, low complexity, vbulletin, CWE-74, critical, 9.8 |
| 2020-05-08 | CVE-2020-12720 | Missing Authentication for Critical Function vulnerability in Vbulletin | vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | network, low complexity, vbulletin, CWE-306, critical, 9.8 |
| 2019-10-08 | CVE-2019-17271 | SQL Injection vulnerability in Vbulletin | vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | network, low complexity, vbulletin, CWE-89, 4.9 |
| 2019-10-04 | CVE-2019-17132 | Improper Input Validation vulnerability in Vbulletin | vBulletin through 5.5.4 mishandles custom avatars. | network, low complexity, vbulletin, CWE-20, critical, 9.8 |
| 2019-10-04 | CVE-2019-17131 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Vbulletin | vBulletin before 5.5.4 allows clickjacking. | network, low complexity, vbulletin, CWE-1021, 4.3 |
| 2019-10-04 | CVE-2019-17130 | Files or Directories Accessible to External Parties vulnerability in Vbulletin | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | network, low complexity, vbulletin, CWE-552, 6.5 |
| 2019-09-24 | CVE-2019-16759 | Code Injection vulnerability in Vbulletin | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | network, low complexity, vbulletin, CWE-94, critical, 9.8 |