CVE-2004-1823 – vBulletin 3.0 - 'forumdisplay.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1823
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. • https://www.exploit-db.com/exploits/23822 https://www.exploit-db.com/exploits/23823 http://marc.info/?l=bugtraq&m=107945556112453&w=2 http://secunia.com/advisories/11142 http://securitytracker.com/id?1009440 http://www.osvdb.org/4310 http://www.osvdb.org/4311 http://www.securityfocus.com/bid/9888 http://www.securityfocus.com/bid/9889 https://exchange.xforce.ibmcloud.com/vulnerabilities/15495 •
CVE-2004-2288 – vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing
https://notcve.org/view.php?id=CVE-2004-2288
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. • https://www.exploit-db.com/exploits/24124 http://www.infosecurity.org.cn/article/hacker/exploit/16557.html http://www.securityfocus.com/bid/10362 •
CVE-2003-1031 – vBulletin 3.0 - 'register.php' HTML Injection
https://notcve.org/view.php?id=CVE-2003-1031
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de vBulletin 3.0 Beta 2 permite a atacantes remotos inyectar HTML arbitrario o script web mediante campos opcionales como (1) "Intereses-Aficiones", (2) "Bigrafía", o (3) "Ocupación". • https://www.exploit-db.com/exploits/22990 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html •
CVE-2004-0091
https://notcve.org/view.php?id=CVE-2004-0091
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft. ** DISPUTADA ** NOTA: Este caso ha sido disputado por el fabricante. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en register.php de versiones desconocidas de vBulletin permite a atacantes remotos inyectar HTML arbitrario o script web mediante el parámetro reg_site. NOTA: El fabricante dice "No hay ningún campo oculto llamado "reg_site", ni ninguna variable "reg_site" en el código fuente de vBulletin 2 o vBulletin 3 o sus plantillas, ni nunca lo existido. • http://marc.info/?l=bugtraq&m=107462349324945&w=2 http://marc.info/?l=vuln-dev&m=107462499927040&w=2 http://marc.info/?l=vuln-dev&m=107478592401619&w=2 http://marc.info/?l=vuln-dev&m=107488880317647&w=2 http://securitytracker.com/id? •