CVE-2005-3020
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/css.php?group' Cross-Site Scripting
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
8
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2005-09-21 CVE Reserved
- 2005-09-21 CVE Published
- 2013-06-18 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=112715150320677&w=2 | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22324 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/26278 | 2013-06-18 | |
| https://www.exploit-db.com/exploits/26279 | 2013-06-18 | |
| https://www.exploit-db.com/exploits/26281 | 2013-06-18 | |
| https://www.exploit-db.com/exploits/26282 | 2013-06-18 | |
| https://www.exploit-db.com/exploits/26283 | 2013-06-18 | |
| https://www.exploit-db.com/exploits/26280 | 2013-06-18 | |
| http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt | 2024-08-07 | |
| http://www.securityfocus.com/bid/14874 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/16873 | 2017-07-11 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 1.0.1 Search vendor "Jelsoft" for product "Vbulletin" and version "1.0.1" | lite |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.0.3 Search vendor "Jelsoft" for product "Vbulletin" and version "2.0.3" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.0_rc2 Search vendor "Jelsoft" for product "Vbulletin" and version "2.0_rc2" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.0_rc3 Search vendor "Jelsoft" for product "Vbulletin" and version "2.0_rc3" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.0 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.0" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.1 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.1" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.2 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.2" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.3 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.3" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.4 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.4" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.5 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.5" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.6 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.6" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.7 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.7" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.8 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.8" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.2.9 Search vendor "Jelsoft" for product "Vbulletin" and version "2.2.9" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.3.0 Search vendor "Jelsoft" for product "Vbulletin" and version "2.3.0" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.3.2 Search vendor "Jelsoft" for product "Vbulletin" and version "2.3.2" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.3.3 Search vendor "Jelsoft" for product "Vbulletin" and version "2.3.3" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 2.3.4 Search vendor "Jelsoft" for product "Vbulletin" and version "2.3.4" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.1 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.1" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.2 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.2" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.3 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.3" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.4 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.4" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.5 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.5" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.6 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.6" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.7 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.7" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.8 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.8" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0.9 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0.9" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0_beta_2 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0_beta_2" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0_beta_3 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0_beta_3" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0_beta_4 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0_beta_4" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0_beta_5 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0_beta_5" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0_beta_6 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0_beta_6" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0_beta_7 Search vendor "Jelsoft" for product "Vbulletin" and version "3.0_beta_7" | - |
Affected
| ||||||
| Jelsoft Search vendor "Jelsoft" | Vbulletin Search vendor "Jelsoft" for product "Vbulletin" | 3.0_gamma Search vendor "Jelsoft" for product "Vbulletin" and version "3.0_gamma" | - |
Affected
| ||||||