2.6

CVE-2006-3253

Exploit
Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter.  NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JelsoftVbulletin Version3.5.0
JelsoftVbulletin Version3.5.0_beta_1
JelsoftVbulletin Version3.5.0_beta_2
JelsoftVbulletin Version3.5.0_beta_3
JelsoftVbulletin Version3.5.0_beta_4
JelsoftVbulletin Version3.5.0_rc1
JelsoftVbulletin Version3.5.0_rc2
JelsoftVbulletin Version3.5.0_rc3
JelsoftVbulletin Version3.5.1
JelsoftVbulletin Version3.5.2
JelsoftVbulletin Version3.5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.97% 0.778
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://securityreason.com/securityalert/1155
http://securitytracker.com/id?1016348
Exploit
http://www.osvdb.org/27508
http://www.securityfocus.com/archive/1/437817/100/0/threaded
http://www.securityfocus.com/archive/1/438364/100/100/threaded
http://www.securityfocus.com/bid/18551
https://exchange.xforce.ibmcloud.com/vulnerabilities/27261