Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Vbulletin Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25121 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
CVE-2020-25117 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
CVE-2020-25115 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
CVE-2020-25116 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
CVE-2020-25120 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
CVE-2020-25119 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
CVE-2020-25118 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
CVE-2020-25122 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
CVE-2020-25123 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
CVE-2020-25124 1 Vbulletin 1 Vbulletin 2020-09-04 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
CVE-2019-17131 1 Vbulletin 1 Vbulletin 2019-10-11 4.3 MEDIUM 4.3 MEDIUM
vBulletin before 5.5.4 allows clickjacking.
CVE-2019-17130 1 Vbulletin 1 Vbulletin 2019-10-10 6.4 MEDIUM 6.5 MEDIUM
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
CVE-2019-17271 1 Vbulletin 1 Vbulletin 2019-10-09 4.0 MEDIUM 4.9 MEDIUM
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
CVE-2018-15493 1 Vbulletin 1 Vbulletin 2018-11-30 5.8 MEDIUM 6.1 MEDIUM
vBulletin 5.4.3 has an Open Redirect.
CVE-2018-6200 1 Vbulletin 1 Vbulletin 2018-02-08 5.8 MEDIUM 6.1 MEDIUM
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
CVE-2015-3419 1 Vbulletin 1 Vbulletin 2017-09-26 4.0 MEDIUM 6.5 MEDIUM
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
CVE-2014-9469 1 Vbulletin 1 Vbulletin 2017-09-01 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3.