PT-2006-1165 · Vbulletin · Vbulletin
Publicado
2006-01-04
·
Atualizado
2018-10-19
·
CVE-2006-0080
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
vBulletin versions 3.5.2 and earlier
Description:
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the title of an event. This is due to insufficient filtering by calendar.php and reminder.php.
Recommendations:
For versions 3.5.2 and earlier, update to a version that properly filters event titles to prevent code injection.
As a temporary workaround, consider restricting access to calendar.php and reminder.php until a patch is available.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Vbulletin