Search
Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25121 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. | |||||
| CVE-2020-25117 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. | |||||
| CVE-2020-25115 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. | |||||
| CVE-2020-25116 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. | |||||
| CVE-2020-25120 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. | |||||
| CVE-2020-25119 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. | |||||
| CVE-2020-25118 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. | |||||
| CVE-2020-25122 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. | |||||
| CVE-2020-25123 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. | |||||
| CVE-2020-25124 | 1 Vbulletin | 1 Vbulletin | 2020-09-04 | 3.5 LOW | 4.8 MEDIUM |
| The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. | |||||
| CVE-2019-17131 | 1 Vbulletin | 1 Vbulletin | 2019-10-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| vBulletin before 5.5.4 allows clickjacking. | |||||
| CVE-2019-17130 | 1 Vbulletin | 1 Vbulletin | 2019-10-10 | 6.4 MEDIUM | 6.5 MEDIUM |
| vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | |||||
| CVE-2019-17271 | 1 Vbulletin | 1 Vbulletin | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. | |||||
| CVE-2018-15493 | 1 Vbulletin | 1 Vbulletin | 2018-11-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| vBulletin 5.4.3 has an Open Redirect. | |||||
| CVE-2018-6200 | 1 Vbulletin | 1 Vbulletin | 2018-02-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | |||||
| CVE-2015-3419 | 1 Vbulletin | 1 Vbulletin | 2017-09-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. | |||||
| CVE-2014-9469 | 1 Vbulletin | 1 Vbulletin | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. | |||||