CVE Vulnerabilities

CVE-2005-3023

Published: Sep 21, 2005 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.

Affected Software

Name Vendor Start Version End Version
Vbulletin Jelsoft 2.2.0 2.2.0
Vbulletin Jelsoft 2.0_rc2 2.0_rc2
Vbulletin Jelsoft 3.0.4 3.0.4
Vbulletin Jelsoft 3.0_beta_6 3.0_beta_6
Vbulletin Jelsoft 2.3.0 2.3.0
Vbulletin Jelsoft 2.3.2 2.3.2
Vbulletin Jelsoft 3.0.1 3.0.1
Vbulletin Jelsoft 2.0_rc3 2.0_rc3
Vbulletin Jelsoft 3.0.6 3.0.6
Vbulletin Jelsoft 2.2.1 2.2.1
Vbulletin Jelsoft 2.2.7 2.2.7
Vbulletin Jelsoft 2.0.3 2.0.3
Vbulletin Jelsoft 3.0_beta_7 3.0_beta_7
Vbulletin Jelsoft 3.0.9 3.0.9
Vbulletin Jelsoft 3.0_beta_3 3.0_beta_3
Vbulletin Jelsoft 2.2.4 2.2.4
Vbulletin Jelsoft 3.0_beta_2 3.0_beta_2
Vbulletin Jelsoft 2.2.2 2.2.2
Vbulletin Jelsoft 2.2.5 2.2.5
Vbulletin Jelsoft 2.2.6 2.2.6
Vbulletin Jelsoft 3.0.2 3.0.2
Vbulletin Jelsoft 3.0_gamma 3.0_gamma
Vbulletin Jelsoft 2.2.9 2.2.9
Vbulletin Jelsoft 3.0.7 3.0.7
Vbulletin Jelsoft 3.0.8 3.0.8
Vbulletin Jelsoft 3.0_beta_4 3.0_beta_4
Vbulletin Jelsoft 3.0.3 3.0.3
Vbulletin Jelsoft 1.0.1 1.0.1
Vbulletin Jelsoft 3.0.5 3.0.5
Vbulletin Jelsoft 2.2.8 2.2.8
Vbulletin Jelsoft 2.3.4 2.3.4
Vbulletin Jelsoft 2.2.3 2.2.3
Vbulletin Jelsoft 3.0 3.0
Vbulletin Jelsoft 3.0_beta_5 3.0_beta_5
Vbulletin Jelsoft 2.3.3 2.3.3

References