Vulnerabilities > Vbulletin > Vbulletin > 3.6

DATE CVE VULNERABILITY TITLE RISK
2012-12-31 CVE-2011-5251 Improper Input Validation vulnerability in Vbulletin
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
network
vbulletin CWE-20
5.8
5.8
2012-08-14 CVE-2012-4328 Security vulnerability in Vbulletin Mapi, Vbulletin Forum and Vbulletin Suite
Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors.
network
low complexity
vbulletin
critical
 10.0
10
2008-07-15 CVE-2008-3184 Cross-Site Scripting vulnerability in Vbulletin
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php.
network
vbulletin CWE-79
4.3
4.3