13 matches found
CVE-2026-35054
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content...
CVE-2026-35054
XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content...
XenForo Cross-Site Scripting Vulnerability
XenForo is forum software developed by the XenForo company. Versions of XenForo prior to 2.3.9 had a cross-site scripting vulnerability. This vulnerability stemmed from the BB code rendering, which contained a stored cross-site scripting flaw, potentially allowing attackers to inject malicious...
XenForo 2.2.15 Cross Site Request Forgery Vulnerability
------------------------------------------------------------------------------- XenForo = 2.2.15 Widget::actionSave Cross-Site Request Forgery Vulnerability ------------------------------------------------------------------------------- - Software Link: https://xenforo.com - Affected Versions:...
phpBB: CSS injection via BB code tag "█████"
The input to the "█████" BBcode tag is not properly filtered. It gets converted into a CSS style attribute for a span HTML element. Quotes (") are removed, so there's no way to break out of the CSS style attribute. However it is possible to arbitrarily dress the resulting span element. To illustra...
vBulletin BB Code Script Insertion Vulnerability
No description provided by source. vBulletin 3.x / 4.x MaXe has reported a vulnerability in vBulletin, which can be exploited by malicious users to conduct script insertion attacks. The vulnerability exists in the parsing of BB Code when creating content that uses custom tags. This can be exploit...
vBulletin adminCP Cross-Site Scripting
No description provided by source. .::vBulletin adminCP Cross-Site Scripting ::. Exploit Title: vBulletin adminCP Cross-Site Scripting Date: 2009 Author: Ashiyane Digital Security Members Cair3x Software Link: http://www.vbulletin.com/ Version: 3.8.4 and all Version Tested on: vBulletin 3.8.4 CVE...
vBulletin adminCP Cross Site Scripting
.::vBulletin adminCP Cross-Site Scripting ::. Exploit Title: vBulletin adminCP Cross-Site Scripting Date: 2009 Author: Ashiyane Digital Security Members Cair3x Software Link: http://www.vbulletin.com/ Version: 3.8.4 and all Version Tested on: vBulletin 3.8.4 CVE : Code : -::Forum Manager = Add Ne...
CVE-2007-0830
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, ...
CVE-2007-0830
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, ...
PT-2007-2273 · Vbulletin · Vbulletin
Name of the Vulnerable Software and Affected Versions: vBulletin version 3.6.4 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) of vBulletin. These vulnerabilities allow remote authenticated administrators to inject arbitrary web...
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability
VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability to have arbitrary script code execute in the...
CVE-2005-1592
CVE-2005-1592 affects BirdBlog versions before 1.3.1, where multiple javascript vulnerabilities in BBCode allow remote attackers to inject arbitrary JavaScript. The issue is documented across multiple feeds (NVD/Red Hat/CVE) with the same description. No exploit details are provided in the connec...