Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vbulletin
(Vbulletin)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 47 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-09-03 | CVE-2020-25121 | The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. | Vbulletin | N/A | ||
2020-09-03 | CVE-2020-25120 | The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. | Vbulletin | N/A | ||
2020-09-03 | CVE-2020-25119 | The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. | Vbulletin | N/A | ||
2020-09-03 | CVE-2020-25118 | The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. | Vbulletin | N/A | ||
2020-09-03 | CVE-2020-25117 | The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. | Vbulletin | N/A | ||
2020-09-03 | CVE-2020-25116 | The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. | Vbulletin | N/A | ||
2020-09-03 | CVE-2020-25115 | The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. | Vbulletin | N/A | ||
2017-12-14 | CVE-2017-17671 | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | Vbulletin | N/A | ||
2019-10-04 | CVE-2019-17131 | vBulletin before 5.5.4 allows clickjacking. | Vbulletin | N/A | ||
2019-10-04 | CVE-2019-17130 | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | Vbulletin | N/A |