72 matches found

Cvelist
added 2026/05/24 5:15 a.m., 11 views

CVE-2026-9357 vBulletin Login cross site scripting

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

CVSS 5.1, EPSS 0.00028
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/24 5:15 a.m., 10 views

CVE-2026-9357

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

CVSS 5.1, AI score 4.3, EPSS 0.00028
Exploits: 0, References: 4

EUVD
added 2026/05/24 5:15 a.m., 9 views

EUVD-2026-31572

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

CVSS 5.1, AI score 4.3, EPSS 0.00028
Exploits: 0, References: 3

Vulnrichment
added 2026/05/24 5:15 a.m., 8 views

CVE-2026-9357 vBulletin Login cross site scripting

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

CVSS 5.1, AI score 4.3, EPSS 0.00028
Exploits: 0, References: 3

CNNVD
added 2026/05/24 12:00 a.m., 8 views

vBulletin Code Injection Vulnerability

vBulletin is an open-source web forum software based on PHP and MySQL developed by vBulletin Inc. Version vBulletin 6.x has a code injection vulnerability, which stems from improper operation of the Login component and may lead to cross-site scripting attacks...

CVSS 5.1, AI score 5.7, EPSS 0.00028
Exploits: 0, References: 4

Positive Technologies
added 2026/05/24 12:00 a.m., 10 views

PT-2026-42915

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

CVSS 5.1, AI score 4.3, EPSS 0.00028
Exploits: 0, References: 3

OSV
added 2025/07/23 4:15 p.m., 4 views

CVE-2025-46171

vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing the forum...

CVSS 5.4, AI score 5.8, EPSS 0.0056
Exploits: 1, References: 2

Metasploit
added 2025/06/29 6:53 p.m., 575 views

vBulletin replaceAdTemplate Remote Code Execution

This module exploits a design flaw in vBulletin's AJAX API handler and template rendering system, present in versions 5.0.0 through 6.0.3. The vulnerability allows unauthenticated attackers to invoke protected controller methods via the ajax/api/ad/replaceAdTemplate endpoint, due to improper use ...

AI score 5.9
Exploits: 0

BDU FSTEC
added 2025/06/16 12:00 a.m., 2 views

The vulnerability of the commercial vBulletin web forum, related to improper protection of the alternative path, allows a hacker to execute arbitrary code.

The vulnerability of the commercial vBulletin web forum is related to improper protection of an alternative path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10, AI score 8.4, EPSS 0.69392
Exploits: 4, References: 2, Affected Software: 2

OSV
added 2025/05/27 4:15 a.m., 4 views

CVE-2025-48828

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute...

CVSS 8.1, AI score 6.1, EPSS 0.73682
Exploits: 2, References: 3

CNNVD
added 2025/05/27 12:00 a.m., 8 views

Internet Brands vBulletin Security Vulnerability

Internet Brands vBulletin is a forum plugin from Internet Brands, Inc. A security vulnerability exists in Internet Brands vBulletin that stems from a template condition that could be abused to execute arbitrary PHP code...

CVSS 9, AI score 8.9, EPSS 0.73682
Exploits: 2, References: 3

EUVD
added 2025/05/27 12:00 a.m., 6 views

EUVD-2025-28268

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute...

CVSS 9, AI score 7.2, EPSS 0.73682
Exploits: 2, References: 2

VulnCheck KEV
added 2023/12/04 12:00 a.m., 1 views

VulnCheck KEV: CVE-2023-25135

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verifyserialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed...

CVSS 9.8, AI score 7.7, EPSS 0.93341
Exploits: 1, References: 1

OSV
added 2023/09/16 1:15 a.m., 2 views

CVE-2023-39777

A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter...

CVSS 5.4, AI score 5.9, EPSS 0.00143
Exploits: 1, References: 1

CNNVD
added 2023/09/15 12:00 a.m., 4 views

vBulletin Cross-Site Scripting Vulnerability

vBulletin is an open source Web forum program based on PHP and MySQL from Internetbrands and vbulletinsolutions in the United States. A security vulnerability exists in vBulletin version 5.7.5, 6.0.0. An attacker can exploit this vulnerability to execute arbitrary Web script or HTML via the...

CVSS 5.4, AI score 7, EPSS 0.00143
Exploits: 1, References: 3

SUSE CVE
added 2023/05/13 2:10 a.m., 7 views

SUSE CVE-2014-2022

SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...

CVSS 7.1, AI score 8.6, EPSS 0.00931
Exploits: 4, References: 3

BDU FSTEC
added 2023/04/10 12:00 a.m., 2 views

The vulnerability of the commercial web forum vBulletin, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.

The vulnerability of the commercial web forum vBulletin relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code using a specially crafted HTTP request...

CVSS 10, AI score 8.2, EPSS 0.93341
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2023/02/06 12:00 a.m., 4 views

Gimmie vBulletin SQL Injection Vulnerability

Gimmie vBulletin is an open source forum plugin from Gimmie. Gimmie vBulletin version 1.2.2 has an SQL injection vulnerability that stems from an unknown handling problem in the file triggerreferral.php; manipulating the parameter referrername leads to SQL injection...

CVSS 9.8, AI score 6.5, EPSS 0.00353
Exploits: 0, References: 5

BDU FSTEC
added 2021/12/16 12:00 a.m., 1 views

The vulnerability of the vBulletin commercial web forum, related to errors in code generation, allows a hacker to execute arbitrary commands.

The vulnerability of the commercial vBulletin web forum is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created parameter in the ajax/render/widgetphp script...

CVSS 9.8, AI score 8.5, EPSS 0.9443
Exploits: 27, References: 14, Affected Software: 1

BDU FSTEC
added 2021/12/01 12:00 a.m., 2 views

The vulnerability of the BBCode parser in the vBulletin commercial web forum, related to the lack of protection for the website structure, allows a violator to execute arbitrary JavaScript.

The vulnerability of the BBCode parser in the vBulletin commercial web forum is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript by injecting code into messages using embedded BBCodes...

CVSS 9, AI score 5.9
Exploits: 0, References: 3