25 matches found
CVE-2020-25116
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php=rebuild= URI...
vBulletin 5.6.3 Cross Site Scripting
Exploit Title: vBulletin 5.6.3 - 'group' Cross Site Scripting Date: 05.09.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox & Opera Google Dorks: "Powered by vBulletin® Version 5.6.3" Go to the "Admin CP" -...
vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50935)
vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the Junior Member Title in the User Titl...
CVE-2020-25123
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager...
CVE-2020-25117
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager...
CVE-2020-25121
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...
CVE-2020-25116
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...
CVE-2020-25122
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager...
CVE-2020-25118
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager...
Cross site scripting
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager...
Cross site scripting
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options...
Design/Logic Flaw
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager...
CVE-2020-25115
Vulnerability overview: CVE-2020-25115 affects vBulletin 5.6.3 Admin CP, enabling cross-site scripting (XSS) via an Occupation Title or Description in the User Profile Field Manager. Affected component is the Admin CP interface; root cause aligns with input handling in profile field manager allow...
CVE-2020-25116
The CVE-2020-25116 entry identifies a cross-site scripting (XSS) vulnerability in the Admin CP of vBulletin 5.6.3, exploitable via the Announcement Title to Channel Manager. Concrete details in connected documents confirm the affected product/version and the exact vulnerable component (Admin CP/C...
CVE-2020-25117
CVE-2020-25117 affects vBulletin 5.6.3: the Admin CP is vulnerable to cross-site scripting via the Junior Member Title field in the User Title Manager. The public records describe a stored/reflected XSS path within the Admin Control Panel, with CVSS v3.1 base score 4.8 (MEDIUM) and CVSSv2 base sc...