CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 2CVE-2004-2288 – vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing
https://notcve.org/view.php?id=CVE-2004-2288
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. • https://www.exploit-db.com/exploits/24124 http://www.infosecurity.org.cn/article/hacker/exploit/16557.html http://www.securityfocus.com/bid/10362 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2004-0620 – vBulletin 3.0.1 - 'newreply.php?WYSIWYG_HTML' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-0620
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en (1) newreply.php o (2) newthread.php en vBulletin 3.0.1 permite a atacantes remotos inyectar HTML arbitrario o script como otros usuarios mediante el panel edición. • https://www.exploit-db.com/exploits/24234 http://marc.info/?l=bugtraq&m=108809720026642&w=2 http://www.securityfocus.com/bid/10602 https://exchange.xforce.ibmcloud.com/vulnerabilities/16502 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0091
https://notcve.org/view.php?id=CVE-2004-0091
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft. ** DISPUTADA ** NOTA: Este caso ha sido disputado por el fabricante. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de versiones desconocidas de vBulletin permite a atacantes remotos inyectar HTML arbitrario o script web mediante el parámetro reg_site. NOTA: El fabricante dice "No hay ningún campo oculto llamado "reg_site", ni ninguna variable "reg_site" en el código fuente de vBulletin 2 o vBulletin 3 o sus plantillas, ni nunca lo existido. • http://marc.info/?l=bugtraq&m=107462349324945&w=2 http://marc.info/?l=vuln-dev&m=107462499927040&w=2 http://marc.info/?l=vuln-dev&m=107478592401619&w=2 http://marc.info/?l=vuln-dev&m=107488880317647&w=2 http://securitytracker.com/id? •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2003-1031 – vBulletin 3.0 - 'register.php' HTML Injection
https://notcve.org/view.php?id=CVE-2003-1031
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de vBulletin 3.0 Beta 2 permite a atacantes remotos inyectar HTML arbitrario o script web mediante campos opcionales como (1) "Intereses-Aficiones", (2) "Bigrafía", o (3) "Ocupación". • https://www.exploit-db.com/exploits/22990 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0295 – vBulletin 3.0 - Private Message HTML Injection
https://notcve.org/view.php?id=CVE-2003-0295
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. Vulnerabilidad de secuencias de comandos en sitios cruzados en private.php for vBulletin 3.0.0 Beta 2 permite que atacantes remotos inyecten script web arbitrario y HTML mediante la funcionalidad "Preview Message". • https://www.exploit-db.com/exploits/22599 http://marc.info/?l=bugtraq&m=105292832607981&w=2 http://marc.info/?l=bugtraq&m=105293890422210&w=2 •