Jelsoft: >> Vbulletin >> 3.5.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer.
CVSS Score
2.6
EPSS Score
0.061
Published
2006-06-28
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
CVSS Score
4.3
EPSS Score
0.009
Published
2006-03-07