Lucene search
K

vBulletin 3.5.2 - Event Title HTML Injection

🗓️ 01 Feb 2006 00:00:00Reported by trueend5Type 
exploitpack
 exploitpack
👁 11 Views

vBulletin 3.5.2 HTML Injection vulnerability allows execution of attacker-supplied script code and theft of authentication credentials

Code
source: https://www.securityfocus.com/bid/16116/info

vBulletin is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is reported to affect vBulletin 3.5.2. Earlier versions may also be affected. 

The following example was provided as Event Title input:

TITLE:--------->Test<script>alert(document.cookie)</script>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Feb 2006 00:00Current
7.6High risk
Vulners AI Score7.6
11