Description
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
Exploits (2)
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15495
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4311
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9888
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009440
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107945556112453&w=2
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9889
Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11142
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4310
Scores
EPSS
0.0092
EPSS Percentile
76.0%
Details
Status
published
Products (2)
jelsoft/vbulletin
3.0.0
jelsoft/vbulletin
3.0.0_can4
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026