CVE-2006-1040: XSS
First published: Tue Mar 07 2006(Updated: )
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jelsoft vBulletin | =3.5.3 | |
| Jelsoft vBulletin | =3.0.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kapda.ir/advisory-266.html
- http://www.vbulletin.com/forum/showthread.php?postid=1079030
- http://www.osvdb.org/23614
- http://secunia.com/advisories/19100
- http://www.securityfocus.com/bid/16919
- http://www.vupen.com/english/advisories/2006/0808
- http://www.securityfocus.com/archive/1/426589/100/0/threaded
- http://www.securityfocus.com/archive/1/426537/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jelsoft
- canonical/jelsoft vbulletin
- version/jelsoft vbulletin/3.5.3
- version/jelsoft vbulletin/3.0.12