CVE-2023-39777
https://notcve.org/view.php?id=CVE-2023-39777
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. Una vulnerabilidad de Cross-Site Scripting (XSS) en el Panel de Control de Administración de vBulletin 5.7.5 y 6.0.0 permite a los atacantes ejecutar scripts web o HTML arbitrarias a través del parámetro de URL /login.php?do=login. • https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25115
https://notcve.org/view.php?id=CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. El Admin CP en vBulletin versión 5.6.3, permite un ataque de tipo XSS por medio de un título Occupation o Description en User Profile Field Manager • https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25116
https://notcve.org/view.php?id=CVE-2020-25116
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. El Admin CP en vBulletin versión 5.6.3, permite un ataque de tipo XSS por medio de un Título Announcement en Channel Manager • https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25117
https://notcve.org/view.php?id=CVE-2020-25117
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. El Admin CP en vBulletin versión 5.6.3, permite un ataque de tipo XSS por medio de un Título Junior Member en User Title Manager • https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25118
https://notcve.org/view.php?id=CVE-2020-25118
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. El Admin CP en vBulletin versión 5.6.3, permite un ataque de tipo XSS por medio de un Título Style Options Settings en Styles Manager • https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •