PT-2020-15955 · vBulletin Solutions · vBulletin
Published 2020-09-03 · Updated 2020-09-04 · CVE-2020-25115
CVSS v3.1: 4.8 (Medium)
CVSS v3.1 vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
vBulletin version 5.6.3
Description
The issue affects the Admin CP in vBulletin: the Occupation Title or Description fields of the User Profile Field Manager can be used to perform an XSS attack.
Recommendations
For version 5.6.3, consider disabling the Occupation Title or Description field in the User Profile Field Manager as a temporary workaround until a patch is available. Restrict access to the Admin CP to minimize the risk of exploitation, since the vector requires high privileges (PR:H) and user interaction (UI:R).
Weakness Enumeration
XSS
Affected Products
vBulletin