Vbulletin: >> Vbulletin >> 4.2.5 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-16
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
CVSS Score
4.9
EPSS Score
0.004
Published
2019-10-08
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-10-04
vBulletin before 5.5.4 allows clickjacking.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-10-04
vBulletin through 5.5.4 mishandles custom avatars.
CVSS Score
9.8
EPSS Score
0.307
Published
2019-10-04
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
CVSS Score
6.1
EPSS Score
0.056
Published
2018-01-25
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
CVSS Score
8.6
EPSS Score
0.006
Published
2017-04-06
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
CVSS Score
6.8
EPSS Score
0.012
Published
2010-03-23