Vulnerabilities > Vbulletin > Vbulletin > 5.6.3

DATE CVE VULNERABILITY TITLE RISK
2023-09-16 CVE-2023-39777 Cross-site Scripting vulnerability in Vbulletin
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
network
low complexity
vbulletin CWE-79
5.4
5.4
2020-09-03 CVE-2020-25124 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25123 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25122 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25121 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25120 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25119 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25118 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25117 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
network
vbulletin CWE-79
3.5
3.5
2020-09-03 CVE-2020-25116 Cross-site Scripting vulnerability in Vbulletin 5.6.3
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
network
vbulletin CWE-79
3.5
3.5