Vulnerabilities > Vbulletin > Vbulletin > 5.6.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-16 | CVE-2023-39777 | Cross-site Scripting vulnerability in Vbulletin A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. | 5.4 |
2023-02-03 | CVE-2023-25135 | Deserialization of Untrusted Data vulnerability in Vbulletin 5.6.7/5.6.8/5.6.9 vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. | 9.8 |