CVE-2004-0620 – vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0620
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) newreply.php o (2) newthread.php en vBulletin 3.0.1 permite a atacantes remotos inyectar HTML arbitrario o script como otros usuarios mediante el panel edición. • https://www.exploit-db.com/exploits/24234 http://marc.info/?l=bugtraq&m=108809720026642&w=2 http://www.securityfocus.com/bid/10602 https://exchange.xforce.ibmcloud.com/vulnerabilities/16502 •
CVE-2003-1031 – vBulletin 3.0 - 'register.php' HTML Injection
https://notcve.org/view.php?id=CVE-2003-1031
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de vBulletin 3.0 Beta 2 permite a atacantes remotos inyectar HTML arbitrario o script web mediante campos opcionales como (1) "Intereses-Aficiones", (2) "Bigrafía", o (3) "Ocupación". • https://www.exploit-db.com/exploits/22990 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html •
CVE-2004-0091
https://notcve.org/view.php?id=CVE-2004-0091
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft. ** DISPUTADA ** NOTA: Este caso ha sido disputado por el fabricante. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de versiones desconocidas de vBulletin permite a atacantes remotos inyectar HTML arbitrario o script web mediante el parámetro reg_site. NOTA: El fabricante dice "No hay ningún campo oculto llamado "reg_site", ni ninguna variable "reg_site" en el código fuente de vBulletin 2 o vBulletin 3 o sus plantillas, ni nunca lo existido. • http://marc.info/?l=bugtraq&m=107462349324945&w=2 http://marc.info/?l=vuln-dev&m=107462499927040&w=2 http://marc.info/?l=vuln-dev&m=107478592401619&w=2 http://marc.info/?l=vuln-dev&m=107488880317647&w=2 http://securitytracker.com/id? •
CVE-2004-0036
https://notcve.org/view.php?id=CVE-2004-0036
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. Vulnerabilidad de inyección de SQL en calendar.php de vBulletin Forum 2.3.x permite a atacantes remotos robar información sensible mediante el parámetro eventid • http://marc.info/?l=bugtraq&m=107340358202123&w=2 http://www.osvdb.org/3344 http://www.securityfocus.com/bid/9360 http://www.vbulletin.com/forum/showthread.php?postid=588825 https://exchange.xforce.ibmcloud.com/vulnerabilities/14144 •
CVE-2003-0295 – vBulletin 3.0 - Private Message HTML Injection
https://notcve.org/view.php?id=CVE-2003-0295
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. Vulnerabilidad de secuencias de comandos en sitios cruzados en private.php for vBulletin 3.0.0 Beta 2 permite que atacantes remotos inyecten script web arbitrario y HTML mediante la funcionalidad "Preview Message". • https://www.exploit-db.com/exploits/22599 http://marc.info/?l=bugtraq&m=105292832607981&w=2 http://marc.info/?l=bugtraq&m=105293890422210&w=2 •