4.3

CVE-2005-4621

Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.

Data is provided by the National Vulnerability Database (NVD)
JelsoftVbulletin Version1.0.1 Editionlite
JelsoftVbulletin Version2.0.3
JelsoftVbulletin Version2.0_rc2
JelsoftVbulletin Version2.0_rc3
JelsoftVbulletin Version2.2.0
JelsoftVbulletin Version2.2.1
JelsoftVbulletin Version2.2.2
JelsoftVbulletin Version2.2.3
JelsoftVbulletin Version2.2.4
JelsoftVbulletin Version2.2.5
JelsoftVbulletin Version2.2.6
JelsoftVbulletin Version2.2.7
JelsoftVbulletin Version2.2.8
JelsoftVbulletin Version2.2.9
JelsoftVbulletin Version2.3.0
JelsoftVbulletin Version2.3.2
JelsoftVbulletin Version2.3.3
JelsoftVbulletin Version2.3.4
JelsoftVbulletin Version2.3.8
JelsoftVbulletin Version3.0
JelsoftVbulletin Version3.0.1
JelsoftVbulletin Version3.0.2
JelsoftVbulletin Version3.0.3
JelsoftVbulletin Version3.0.4
JelsoftVbulletin Version3.0.5
JelsoftVbulletin Version3.0.6
JelsoftVbulletin Version3.0.7
JelsoftVbulletin Version3.0.8
JelsoftVbulletin Version3.0.9
JelsoftVbulletin Version3.0.10
JelsoftVbulletin Version3.0_beta_2
JelsoftVbulletin Version3.0_beta_3
JelsoftVbulletin Version3.0_beta_4
JelsoftVbulletin Version3.0_beta_5
JelsoftVbulletin Version3.0_beta_6
JelsoftVbulletin Version3.0_beta_7
JelsoftVbulletin Version3.0_gamma
JelsoftVbulletin Version3.5.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.35% 0.541
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N