CVE-2006-0080: XSS
First published: Wed Jan 04 2006(Updated: )
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jelsoft vBulletin | =3.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kapda.ir/advisory-177.html
- http://www.securityfocus.com/bid/16116
- http://secunia.com/advisories/18299
- http://www.osvdb.org/22210
- http://www.osvdb.org/22220
- http://www.vupen.com/english/advisories/2006/0033
- http://www.securityfocus.com/archive/1/421310/100/0/threaded
- http://www.securityfocus.com/archive/1/420663/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jelsoft
- canonical/jelsoft vbulletin
- version/jelsoft vbulletin/3.5.2