Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-1040
Last Modified: 07 Mar 2011 09:31:48
Published: 07 Mar 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-1040

Summary

Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.

Vulnerable Systems

Application

  • Jelsoft vBulletin 3.0.12
  • Jelsoft vBulletin 3.5.3


References

MISC - http://www.kapda.ir/advisory-266.html

VUPEN - ADV-2006-0808

CONFIRM - http://www.vbulletin.com/forum/showthread.php?postid=1079030

BUGTRAQ - 20060302 vBulletin3.0.12&3.5.3~is_valid_email()~XSS Attack

BUGTRAQ - 20060301 [KAPDA::#26]vBulletin.3.5.3~3.0.12-XSS

OSVDB - 23614

SECUNIA - 19100

BID - 16919


Last Updated: 27 May 2016 10:41:54