Vulnerabilities > Vbulletin > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-22 | CVE-2008-3773 | Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.2 Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | 4.3 |
2008-07-15 | CVE-2008-3184 | Cross-Site Scripting vulnerability in Vbulletin Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. | 4.3 |
2008-06-17 | CVE-2008-2744 | Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.1 Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php). | 4.3 |