First published: Tue Jun 27 2006(Updated: )
** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jelsoft vBulletin | =3.5.2 | |
Jelsoft vBulletin | =3.5.0_beta_2 | |
Jelsoft vBulletin | =3.5.1 | |
Jelsoft vBulletin | =3.5.0_rc3 | |
Jelsoft vBulletin | =3.5.0_rc2 | |
Jelsoft vBulletin | =3.5.0_beta_3 | |
Jelsoft vBulletin | =3.5.3 | |
Jelsoft vBulletin | =3.5.0_beta_4 | |
Jelsoft vBulletin | =3.5.0_beta_1 | |
Jelsoft vBulletin | =3.5.0 | |
Jelsoft vBulletin | =3.5.0_rc1 | |
=3.5.0 | ||
=3.5.0_beta_1 | ||
=3.5.0_beta_2 | ||
=3.5.0_beta_3 | ||
=3.5.0_beta_4 | ||
=3.5.0_rc1 | ||
=3.5.0_rc2 | ||
=3.5.0_rc3 | ||
=3.5.1 | ||
=3.5.2 | ||
=3.5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.