CVE-2002-2235

CVE-2002-2235 affects vBulletin 2.2.9 and earlier, where member2.php mishandles the $perpage parameter by not enforcing an integer type. This can cause an error message to be reflected back to the user without quoting, facilitating cross-site scripting (XSS) and potentially other attacks. Connect...

CVE-2002-2235

member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting XSS and possibly other attacks...