PT-2006-2077 · Vbulletin · Vbulletin
Published
2006-03-07
·
Updated
2018-10-18
·
CVE-2006-1040
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
vBulletin versions 3.0.12 and 3.5.3
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the
email field. This field is not properly sanitized when used in sendmsg.php, although it is injected in profile.php.Recommendations
For version 3.0.12, update the sendmsg.php file to properly sanitize the
email field.
For version 3.5.3, update the sendmsg.php file to properly sanitize the email field.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vbulletin