Vulnerabilities > Vbulletin > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
| --- | --- | --- | --- | --- | --- | --- |
| 2020-09-03 | CVE-2020-25115 | Cross-site Scripting vulnerability in Vbulletin 5.6.3 | The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. | vbulletin | CWE-79 | 4.8 (network, low complexity) |
| 2019-10-08 | CVE-2019-17271 | SQL Injection vulnerability in Vbulletin | vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | vbulletin | CWE-89 | 4.9 (network, low complexity) |
| 2019-10-04 | CVE-2019-17131 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Vbulletin | vBulletin before 5.5.4 allows clickjacking. | vbulletin | CWE-1021 | 4.3 (network, low complexity) |
| 2019-10-04 | CVE-2019-17130 | Files or Directories Accessible to External Parties vulnerability in Vbulletin | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | vbulletin | CWE-552 | 6.5 (network, low complexity) |
| 2018-10-17 | CVE-2018-15493 | Open Redirect vulnerability in Vbulletin 5.4.3 | vBulletin 5.4.3 has an Open Redirect. | vbulletin | CWE-601 | 6.1 (network, low complexity) |
| 2018-01-25 | CVE-2018-6200 | Open Redirect vulnerability in Vbulletin | vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | vbulletin | CWE-601 | 6.1 (network, low complexity) |
| 2017-09-19 | CVE-2015-3419 | Improper Input Validation vulnerability in Vbulletin | vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. | vbulletin | CWE-20 | 6.5 (network, low complexity) |
| 2017-08-28 | CVE-2014-9469 | Cross-site Scripting vulnerability in Vbulletin | Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. | vbulletin | CWE-79 | 6.1 (network, low complexity) |