Lucene search

[email protected]CVE-2004-0091

HistoryFeb 17, 2004 - 5:00 a.m.

CVE-2004-0091

2004-02-1705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0091

cross-site scripting

xss

vbulletin

remote code injection

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called ‘reg_site’, nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.

CPENameOperatorVersion
jelsoft:vbulletinjelsoft vbulletineq3.0_beta_2

CPE	Name	Operator	Version
jelsoft:vbulletin	jelsoft vbulletin	eq	3.0_beta_2

References

marc.info/?l=bugtraq&m=107462349324945&w=2

marc.info/?l=vuln-dev&m=107462499927040&w=2

marc.info/?l=vuln-dev&m=107478592401619&w=2

marc.info/?l=vuln-dev&m=107488880317647&w=2

securitytracker.com/id?1008780

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON