Lucene search

[email protected]CVE-2008-2744

HistoryJun 17, 2008 - 3:41 p.m.

CVE-2008-2744

2008-06-1715:41:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2744

xss

vbulletin

security vulnerability

web script injection

html injection

remote attack

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an “obscure method.” NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php).

CPENameOperatorVersion
vbulletin:vbulletinvbulletineq3.7.1
vbulletin:vbulletinvbulletineq3.6.10

CPE	Name	Operator	Version
vbulletin:vbulletin	vbulletin	eq	3.7.1
vbulletin:vbulletin	vbulletin	eq	3.6.10

References

secunia.com/advisories/30733

securityreason.com/securityalert/3946

www.securityfocus.com/archive/1/493340/100/0/threaded

www.securityfocus.com/bid/29704

www.securitytracker.com/id?1020322

www.vbulletin.com/forum/showthread.php?t=274882

exchange.xforce.ibmcloud.com/vulnerabilities/43090

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2008-2744

prion1 cvelist1