Vulnerabilities > Vbulletin > Vbulletin > 3.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-12-31 | CVE-2011-5251 | Improper Input Validation vulnerability in Vbulletin Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | 5.8 |
2012-08-14 | CVE-2012-4328 | Security vulnerability in Vbulletin Mapi, Vbulletin Forum and Vbulletin Suite Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors. | 10.0 |
2008-07-15 | CVE-2008-3184 | Cross-Site Scripting vulnerability in Vbulletin Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. | 4.3 |