Show filters
100 Total Results
Displaying 11-20 of 100
Sort by:
Attacker Value
Unknown

CVE-2020-25115

Disclosure Date: September 03, 2020 (last updated November 28, 2024)
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-25122

Disclosure Date: September 03, 2020 (last updated November 28, 2024)
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-25116

Disclosure Date: September 03, 2020 (last updated November 28, 2024)
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-25120

Disclosure Date: September 03, 2020 (last updated November 28, 2024)
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-25124

Disclosure Date: September 03, 2020 (last updated November 28, 2024)
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17271

Disclosure Date: October 08, 2019 (last updated November 27, 2024)
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17131

Disclosure Date: October 04, 2019 (last updated November 27, 2024)
vBulletin before 5.5.4 allows clickjacking.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17130

Disclosure Date: October 04, 2019 (last updated November 27, 2024)
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17132

Disclosure Date: October 04, 2019 (last updated November 27, 2024)
vBulletin through 5.5.4 mishandles custom avatars.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-16759

Disclosure Date: September 24, 2019 (last updated November 27, 2024)
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >