Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4453

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4453
Last Modified 05 Sep 2008 05:28:16
Published 21 Aug 2007 02:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4453

Summary

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable.

Vulnerable Systems

Application

  • Jelsoft Vbulletin 3.6.8


References

BUGTRAQ - 20070817 Re: vBulletin V3.6.8 XSS Password Md5 Hash

BUGTRAQ - 20070817 vBulletin V3.6.8 XSS Password Md5 Hash


Last Updated: 27 May 2016 10:45:52