CVE-2020-25122: XSS
First published: Thu Sep 03 2020(Updated: )
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| vBulletin vBulletin | =5.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25122?
CVE-2020-25122 is a vulnerability that allows XSS (cross-site scripting) attacks in the Admin CP of vBulletin 5.6.3.
How severe is CVE-2020-25122?
CVE-2020-25122 has a severity rating of 4.8, which is considered medium.
How does CVE-2020-25122 occur?
CVE-2020-25122 occurs when an attacker injects malicious code into the Rank Type field of the User Rank Manager in vBulletin 5.6.3's Admin CP, leading to XSS attacks.
What is the affected software version for CVE-2020-25122?
The affected software version for CVE-2020-25122 is vBulletin 5.6.3.
How can I mitigate the vulnerability in CVE-2020-25122?
To mitigate the vulnerability in CVE-2020-25122, it is recommended to upgrade vBulletin to a newer version that includes a fix for this issue.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vbulletin
- canonical/vbulletin vbulletin
- version/vbulletin vbulletin/5.6.3