Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

vBulletin < 2.3.6, 3.0.x < 3.0.6 XSS Vulnerability

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2005 David MaciejakType 
openvas
 openvas🔗 plugins.openvas.org👁 16 Views

vBulletin < 2.3.6, 3.0.x < 3.0.6 XSS Vulnerability due to improper URI input validatio

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
# SPDX-FileCopyrightText: 2005 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:vbulletin:vbulletin";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.16280");
  script_version("2024-02-26T14:36:40+0000");
  script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_xref(name:"OSVDB", value:"13150");
  script_tag(name:"cvss_base", value:"2.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:P/A:N");
  script_name("vBulletin < 2.3.6, 3.0.x < 3.0.6 XSS Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2005 David Maciejak");
  script_family("Web application abuses");
  script_dependencies("vbulletin_detect.nasl");
  script_mandatory_keys("vbulletin/detected");

  script_tag(name:"summary", value:"vBulletin is vulnerable to a cross-site scripting (XSS) issue,
  due to a failure of the application to properly sanitize user-supplied URI input.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"As a result of this vulnerability, it is possible for a remote
  attacker to create a malicious link containing script code that will be executed in the browser of
  an unsuspecting user when followed.

  This may facilitate the theft of cookie-based authentication credentials as well as other
  attacks.");

  script_tag(name:"affected", value:"vBulletin versions prior to 2.3.6 and 3.0.x prior to 3.0.6.");

  script_tag(name:"solution", value:"Update to version 2.3.6, 3.0.6 or later.");

  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE))
  exit(0);

if(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less(version:vers, test_version:"2.3.6") ||
   version_in_range(version:vers, test_version:"3.0.0", test_version2:"3.0.5")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"2.3.6/3.0.6", install_path:path);
  security_message(data:report, port:port);
  exit(0);
}

exit(99);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Nov 2005 00:00Current
6.2Medium risk
Vulners AI Score6.2
vbulletinxssvulnerabilityuri inputremote attackerscript codecookie-based authenticationsecurity update
16
.json
Report