4.3

CVE-2006-1040

Exploit
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JelsoftVbulletin Version3.0.12
JelsoftVbulletin Version3.5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.54% 0.829
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/19100
http://www.kapda.ir/advisory-266.html
Patch
Vendor Advisory
Exploit
http://www.osvdb.org/23614
http://www.securityfocus.com/archive/1/426537/100/0/threaded
http://www.securityfocus.com/archive/1/426589/100/0/threaded
http://www.securityfocus.com/bid/16919
http://www.vbulletin.com/forum/showthread.php?postid=1079030
http://www.vupen.com/english/advisories/2006/0808