vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50938)

vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the admincp/search.php?do=dosearch URI...

CVE-2020-25120

The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI...

PT-2015-3657 · WordPress · Wordpress Classifieds Plugin

Name of the Vulnerable Software and Affected Versions: Another WordPress Classifieds Plugin affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a "dosearch" action. This enables attackers to manipulate...

PT-2007-1209 · Rapid · Rapid Classified

Name of the Vulnerable Software and Affected Versions: Rapid Classified version 3.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through various parameters in different scripts,...

ubbthreads.txt

Product: ======== UBB.threads Vendor: ======= UBBCentral http://www.ubbcentral.com/ Versions: ========= I tested it successfull on 3.4.x At Version 3.5 you need to be logged in to perform a search. I didnt tested this version. Problem: ======== Sql-Injection in dosearch.php dosearch.php?Name=' OR...