← Back

CVE-2006-3253

nvd nist
Published: Jun 28, 2006Modified: Apr 16, 2026

JSON object

Loading...
2.6
Vector
AV:N/AC:H/Au:N/C:N/I:P/A:N
Exploitability: 4.9 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer.

Affected (11)

Products: Jelsoft: Vbulletin
Jelsoft
1 product
Vbulletin
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Jelsoft
Vbulletin
Version 3.5.0
Vbulletin
Version 3.5.0_beta_1
Vbulletin
Version 3.5.0_beta_2
Vbulletin
Version 3.5.0_beta_3
Vbulletin
Version 3.5.0_beta_4
Vbulletin
Version 3.5.0_rc1
Vbulletin
Version 3.5.0_rc2
Vbulletin
Version 3.5.0_rc3
Vbulletin
Version 3.5.1
Vbulletin
Version 3.5.2
Vbulletin
Version 3.5.3

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.