Lucene search

[email protected]CVE-2007-0830

HistoryFeb 07, 2007 - 10:28 p.m.

CVE-2007-0830

2007-02-0722:28:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-0830

admincp

xss

jelsoft vbulletin 3.6.4

remote authenticated

html injection

security vulnerabilities

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040

Affected configurations

NVD

Node

jelsoftvbulletinMatch3.6.4

CPENameOperatorVersion
jelsoft:vbulletinjelsoft vbulletineq3.6.4

CPE	Name	Operator	Version
jelsoft:vbulletin	jelsoft vbulletin	eq	3.6.4

References

osvdb.org/35152

secunia.com/advisories/24085

www.securityfocus.com/archive/1/459289/100/0/threaded

www.securityfocus.com/archive/1/459367/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/32268

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2007-0830

prion2 nvd3 cvelist3 cve2 securityvulns1