CVE-2008-3773

2008-08-22T12:41:00
ID CVE-2008-3773
Type cve
Reporter NVD
Modified 2017-08-07T21:32:09

Description

Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).