Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3135

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-3135
Last Modified 18 Jul 2014 02:31:01
Published 30 Apr 2014 10:22:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3135

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore.

Vulnerable Systems

Application

  • Vbulletin 5.1.1


References

XF - vbulletin-multiple-scripts-xss(92664)

BID - 66972

MISC - http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:05:09