129 matches found
Cross site scripting
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager...
Cross site scripting
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager...
CVE-2020-25115
Vulnerability overview: CVE-2020-25115 affects vBulletin 5.6.3 Admin CP, enabling cross-site scripting (XSS) via an Occupation Title or Description in the User Profile Field Manager. Affected component is the Admin CP interface; root cause aligns with input handling in profile field manager allow...
CVE-2020-25116
The CVE-2020-25116 entry identifies a cross-site scripting (XSS) vulnerability in the Admin CP of vBulletin 5.6.3, exploitable via the Announcement Title to Channel Manager. Concrete details in connected documents confirm the affected product/version and the exact vulnerable component (Admin CP/C...
CVE-2020-25116
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...
CVE-2020-25117
CVE-2020-25117 affects vBulletin 5.6.3: the Admin CP is vulnerable to cross-site scripting via the Junior Member Title field in the User Title Manager. The public records describe a stored/reflected XSS path within the Admin Control Panel, with CVSS v3.1 base score 4.8 (MEDIUM) and CVSSv2 base sc...
CVE-2020-25117
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager...
CVE-2020-25118
The CVE-2020-25118 entry relates to vBulletin 5.6.3 Admin CP, where the Style Options Settings Title in Styles Manager is susceptible to XSS. Affected component is the Admin CP’s Styles Manager Style Options Settings heading, with the underlying issue enabling cross-site scripting. The NVD provid...
CVE-2020-25118
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager...
CVE-2020-25119
The CVE-2020-25119 entry describes a cross-site scripting (XSS) vulnerability in vBulletin 5.6.3 where an attacker can inject script via the Title of a Child Help Item in the Login/Logoff section of the User Manual in Admin CP. Public references confirm this vulnerability and its presence across ...
CVE-2020-25120
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI...
CVE-2020-25120
The CVE-2020-25120 entry affects vBulletin Admin Control Panel in version 5.6.3, where an XSS vulnerability exists in the admincp/search.php?do=dosearch URI. The vulnerability enables cross‑site scripting with a low overall severity (NVD CVSS v2 base score 3.5; CVSS v3.1 base score 4.8) and impac...
CVE-2020-25121
Affected software: vBulletin 5.6.3 Admin CP. Vulnerability: cross-site scripting (XSS) via the Paid Subscription Email Notification field in the Options. Root cause: input in that field is not properly sanitized, enabling injection in the Admin CP context. Impact: XSS could affect authenticated a...
CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...