4.3
CVE-2006-1040
- EPSS 2.54%
- Veröffentlicht 07.03.2006 11:02:00
- Zuletzt bearbeitet 16.06.2026 22:21:54
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.54% | 0.829 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
http://secunia.com/advisories/19100
http://www.kapda.ir/advisory-266.html
http://www.osvdb.org/23614
http://www.securityfocus.com/archive/1/426537/100/0/threaded
http://www.securityfocus.com/archive/1/426589/100/0/threaded
http://www.securityfocus.com/bid/16919
http://www.vbulletin.com/forum/showthread.php?postid=1079030
http://www.vupen.com/english/advisories/2006/0808