CVE-2004-2288

Published: Dec 31, 2004Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.

Affected (25)

Products: Jelsoft: Vbulletin

1 product

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Jelsoft Vbulletin	Version 1.0.1
Jelsoft Vbulletin	Version 2.0.3
Jelsoft Vbulletin	Version 2.0_rc2
Jelsoft Vbulletin	Version 2.0_rc3
Jelsoft Vbulletin	Version 2.2.0
Jelsoft Vbulletin	Version 2.2.1
Jelsoft Vbulletin	Version 2.2.2
Jelsoft Vbulletin	Version 2.2.3
Jelsoft Vbulletin	Version 2.2.4
Jelsoft Vbulletin	Version 2.2.5
Jelsoft Vbulletin	Version 2.2.6
Jelsoft Vbulletin	Version 2.2.7
Jelsoft Vbulletin	Version 2.2.8
Jelsoft Vbulletin	Version 2.2.9
Jelsoft Vbulletin	Version 2.3.0
Jelsoft Vbulletin	Version 2.3.2
Jelsoft Vbulletin	Version 2.3.3
Jelsoft Vbulletin	Version 2.3.4
Jelsoft Vbulletin	Version 3.0_beta_2
Jelsoft Vbulletin	Version 3.0_beta_3
Jelsoft Vbulletin	Version 3.0_beta_4
Jelsoft Vbulletin	Version 3.0_beta_5
Jelsoft Vbulletin	Version 3.0_beta_6
Jelsoft Vbulletin	Version 3.0_beta_7
Jelsoft Vbulletin	Version 3.0_gamma

References (4)

http://www.infosecurity.org.cn/article/hacker/exploit/16557.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/10362

Source: cve@mitre.org

Exploit

http://www.infosecurity.org.cn/article/hacker/exploit/16557.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10362

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.