Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3253

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3253
Last Modified 05 Sep 2008 05:06:38
Published 27 Jun 2006 09:45:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3253

Summary

** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."

Vulnerable Systems

Application

  • Jelsoft Vbulletin 3.5.0

  • Jelsoft Vbulletin 3.5.0 Beta 1

  • Jelsoft Vbulletin 3.5.0 Beta 2

  • Jelsoft Vbulletin 3.5.0 Beta 3

  • Jelsoft Vbulletin 3.5.0 Beta 4

  • Jelsoft Vbulletin 3.5.0 Rc1

  • Jelsoft Vbulletin 3.5.0 Rc2

  • Jelsoft Vbulletin 3.5.0 Rc3

  • Jelsoft Vbulletin 3.5.1

  • Jelsoft Vbulletin 3.5.2

  • Jelsoft Vbulletin 3.5.3


References

BUGTRAQ - 20060620 vBulletin<<--v3.5.X "member.php" Cross Site Scripting

SECTRACK - 1016348

XF - vbulletin-member-xss(27261)

BID - 18551

BUGTRAQ - 20060623 Re: vBulletin<<--v3.5.X "member.php" Cross Site Scripting

OSVDB - 27508

SREASON - 1155


Last Updated: 27 May 2016 10:42:56