CVE-2005-3020

Published: Sep 21, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.

Affected (35)

Products: Jelsoft: Vbulletin

Jelsoft

1 product

Vbulletin

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Jelsoft Vbulletin	Version 1.0.1
Jelsoft Vbulletin	Version 2.0.3
Jelsoft Vbulletin	Version 2.0_rc2
Jelsoft Vbulletin	Version 2.0_rc3
Jelsoft Vbulletin	Version 2.2.0
Jelsoft Vbulletin	Version 2.2.1
Jelsoft Vbulletin	Version 2.2.2
Jelsoft Vbulletin	Version 2.2.3
Jelsoft Vbulletin	Version 2.2.4
Jelsoft Vbulletin	Version 2.2.5
Jelsoft Vbulletin	Version 2.2.6
Jelsoft Vbulletin	Version 2.2.7
Jelsoft Vbulletin	Version 2.2.8
Jelsoft Vbulletin	Version 2.2.9
Jelsoft Vbulletin	Version 2.3.0
Jelsoft Vbulletin	Version 2.3.2
Jelsoft Vbulletin	Version 2.3.3
Jelsoft Vbulletin	Version 2.3.4
Jelsoft Vbulletin	Version 3.0.1
Jelsoft Vbulletin	Version 3.0.2
Jelsoft Vbulletin	Version 3.0.3
Jelsoft Vbulletin	Version 3.0.4
Jelsoft Vbulletin	Version 3.0.5
Jelsoft Vbulletin	Version 3.0.6
Jelsoft Vbulletin	Version 3.0.7
Jelsoft Vbulletin	Version 3.0.8
Jelsoft Vbulletin	Version 3.0.9
Jelsoft Vbulletin	Version 3.0
Jelsoft Vbulletin	Version 3.0_beta_2
Jelsoft Vbulletin	Version 3.0_beta_3
Jelsoft Vbulletin	Version 3.0_beta_4
Jelsoft Vbulletin	Version 3.0_beta_5
Jelsoft Vbulletin	Version 3.0_beta_6
Jelsoft Vbulletin	Version 3.0_beta_7
Jelsoft Vbulletin	Version 3.0_gamma