Product: Vbulletin (Vbulletin)

Repositories: Unknown. This might be proprietary software.

Vulnerabilities: 47

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-03 | CVE-2020-25121 | The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. | Vbulletin | N/A | | |
| 2020-09-03 | CVE-2020-25120 | The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. | Vbulletin | N/A | | |
| 2020-09-03 | CVE-2020-25119 | The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. | Vbulletin | N/A | | |
| 2020-09-03 | CVE-2020-25118 | The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. | Vbulletin | N/A | | |
| 2020-09-03 | CVE-2020-25117 | The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. | Vbulletin | N/A | | |
| 2020-09-03 | CVE-2020-25116 | The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. | Vbulletin | N/A | | |
| 2020-09-03 | CVE-2020-25115 | The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. | Vbulletin | N/A | | |
| 2017-12-14 | CVE-2017-17671 | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | Vbulletin | N/A | | |
| 2019-10-04 | CVE-2019-17131 | vBulletin before 5.5.4 allows clickjacking. | Vbulletin | N/A | | |
| 2019-10-04 | CVE-2019-17130 | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | Vbulletin | N/A | | |