Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-25123
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25119
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25120
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25122
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
Vbulletin Vbulletin 5.6.3
7.5
CVSSv2
CVE-2020-17496
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Vbulletin Vbulletin
2 Github repositories
7.5
CVSSv2
CVE-2020-12720
vBulletin prior to 5.5.6pl1, 5.6.0 prior to 5.6.0pl1, and 5.6.1 prior to 5.6.1pl1 has incorrect access control.
Vbulletin Vbulletin 5.6.0
Vbulletin Vbulletin
Vbulletin Vbulletin 5.5.6
Vbulletin Vbulletin 5.6.1.-
1 Github repository
4
CVSSv2
CVE-2019-17271
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Vbulletin Vbulletin
6.4
CVSSv2
CVE-2019-17130
vBulletin up to and including 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Vbulletin Vbulletin
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »