CVE-2004-1823

Jelsoft Vbulletin - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/23822

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/23823

View Code ZIP pw:eip

References (8)

[Mailing List] http://marc.info/?l=bugtraq&m=107945556112453&w=2

[Patch] http://secunia.com/advisories/11142

[Exploit] http://www.securityfocus.com/bid/9888

[Exploit] http://www.securityfocus.com/bid/9889

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15495

[Third Party Advisory, VDB Entry] http://www.osvdb.org/4310

[Third Party Advisory, VDB Entry] http://www.osvdb.org/4311

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1009440

Scores

EPSS 0.0092

EPSS Percentile 75.7%

Classification

Status draft

Affected Products (2)

jelsoft/vbulletin

jelsoft/vbulletin

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026