Page 10 of 55 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de vBulletin 3.0 Beta 2 permite a atacantes remotos inyectar HTML arbitrario o script web mediante campos opcionales como (1) "Intereses-Aficiones", (2) "Bigrafía", o (3) "Ocupación". • https://www.exploit-db.com/exploits/22990 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft. ** DISPUTADA ** NOTA: Este caso ha sido disputado por el fabricante. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de versiones desconocidas de vBulletin permite a atacantes remotos inyectar HTML arbitrario o script web mediante el parámetro reg_site. NOTA: El fabricante dice "No hay ningún campo oculto llamado "reg_site", ni ninguna variable "reg_site" en el código fuente de vBulletin 2 o vBulletin 3 o sus plantillas, ni nunca lo existido. • http://marc.info/?l=bugtraq&m=107462349324945&w=2 http://marc.info/?l=vuln-dev&m=107462499927040&w=2 http://marc.info/?l=vuln-dev&m=107478592401619&w=2 http://marc.info/?l=vuln-dev&m=107488880317647&w=2 http://securitytracker.com/id? •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0

SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. Vulnerabilidad de inyección de SQL en calendar.php de vBulletin Forum 2.3.x permite a atacantes remotos robar información sensible mediante el parámetro eventid • http://marc.info/?l=bugtraq&m=107340358202123&w=2 http://www.osvdb.org/3344 http://www.securityfocus.com/bid/9360 http://www.vbulletin.com/forum/showthread.php?postid=588825 https://exchange.xforce.ibmcloud.com/vulnerabilities/14144 •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. Vulnerabilidad de secuencias de comandos en sitios cruzados en private.php for vBulletin 3.0.0 Beta 2 permite que atacantes remotos inyecten script web arbitrario y HTML mediante la funcionalidad "Preview Message". • https://www.exploit-db.com/exploits/22599 http://marc.info/?l=bugtraq&m=105292832607981&w=2 http://marc.info/?l=bugtraq&m=105293890422210&w=2 •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 3

Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. • https://www.exploit-db.com/exploits/21946 http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html http://www.iss.net/security_center/static/10407.php http://www.securityfocus.com/bid/5997 •