Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vbulletin | Jelsoft | 3.0.0 (including) | 3.0.0 (including) |
Vbulletin | Jelsoft | 3.0.0_can4 (including) | 3.0.0_can4 (including) |