CVE-2006-6040
vBulletin 3.6.x - Cross-Site Scripting via Admin Control Panel Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-6040. PoCs published by insanity.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in vBulletin by injecting arbitrary JavaScript code via unsanitized input parameters in the admin control panel. The PoC uses the 'prefs' and 'navprefs' parameters to trigger the XSS payload.
Description
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in vBulletin by injecting arbitrary JavaScript code via unsanitized input parameters in the admin control panel. The PoC uses the 'prefs' and 'navprefs' parameters to trigger the XSS payload.