← Back

CVE-2005-3023

nvd nist
Published: Sep 21, 2005Modified: Apr 16, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.

Affected (35)

Products: Jelsoft: Vbulletin
Jelsoft
1 product
Vbulletin
Configuration A
35 vulnerable
Vulnerable SoftwareAffected Versions
Jelsoft
Vbulletin
Version 1.0.1
Vbulletin
Version 2.0.3
Vbulletin
Version 2.0_rc2
Vbulletin
Version 2.0_rc3
Vbulletin
Version 2.2.0
Vbulletin
Version 2.2.1
Vbulletin
Version 2.2.2
Vbulletin
Version 2.2.3
Vbulletin
Version 2.2.4
Vbulletin
Version 2.2.5
Vbulletin
Version 2.2.6
Vbulletin
Version 2.2.7
Vbulletin
Version 2.2.8
Vbulletin
Version 2.2.9
Vbulletin
Version 2.3.0
Vbulletin
Version 2.3.2
Vbulletin
Version 2.3.3
Vbulletin
Version 2.3.4
Vbulletin
Version 3.0.1
Vbulletin
Version 3.0.2
Vbulletin
Version 3.0.3
Vbulletin
Version 3.0.4
Vbulletin
Version 3.0.5
Vbulletin
Version 3.0.6
Vbulletin
Version 3.0.7
Vbulletin
Version 3.0.8
Vbulletin
Version 3.0.9
Vbulletin
Version 3.0
Vbulletin
Version 3.0_beta_2
Vbulletin
Version 3.0_beta_3
Vbulletin
Version 3.0_beta_4
Vbulletin
Version 3.0_beta_5
Vbulletin
Version 3.0_beta_6
Vbulletin
Version 3.0_beta_7
Vbulletin
Version 3.0_gamma

References (4)

Source: cve@mitre.org
Source: cve@mitre.org
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory

Timeline

No history available yet.