Vulnerabilities > Vbulletin > Vbulletin > 3.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-16 | CVE-2023-39777 | Cross-site Scripting vulnerability in Vbulletin A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. | 5.4 |
| 2019-10-08 | CVE-2019-17271 | SQL Injection vulnerability in Vbulletin vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | 4.0 |
| 2019-10-04 | CVE-2019-17132 | Improper Input Validation vulnerability in Vbulletin vBulletin through 5.5.4 mishandles custom avatars. | 6.8 |
| 2019-10-04 | CVE-2019-17131 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Vbulletin vBulletin before 5.5.4 allows clickjacking. | 4.3 |
| 2019-10-04 | CVE-2019-17130 | Files or Directories Accessible to External Parties vulnerability in Vbulletin vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | 6.4 |
| 2017-08-28 | CVE-2014-9469 | Cross-site Scripting vulnerability in Vbulletin Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. | 4.3 |