CVE-2023-39777

Name of the Vulnerable Software and Affected Versions vBulletin versions 5.7.5 through 6.0.0

Description A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin allows attackers to execute arbitrary web scripts or HTML via the "/login.php?do=login" url parameter.

Recommendations For versions 5.7.5 and 6.0.0, as a temporary workaround, consider restricting access to the "/login.php?do=login" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.