Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0091

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-0091
Last Modified 10 Sep 2008 03:25:06
Published 17 Feb 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0091

Summary

** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."

Vulnerable Systems

Application

  • Jelsoft Vbulletin 3.0 Beta 2


References

SECTRACK - 1008780

VULN-DEV - 20040123 RE: vBulletin Security Vulnerability

VULN-DEV - 20040120 Re: vBulletin Security Vulnerability

VULN-DEV - 20040120 vBulletin Security Vulnerability


Last Updated: 27 May 2016 10:38:28