4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.7 Medium
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.2%
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
secunia.com/advisories/19100
www.kapda.ir/advisory-266.html
www.osvdb.org/23614
www.securityfocus.com/archive/1/426537/100/0/threaded
www.securityfocus.com/archive/1/426589/100/0/threaded
www.securityfocus.com/bid/16919
www.vbulletin.com/forum/showthread.php?postid=1079030
www.vupen.com/english/advisories/2006/0808