Published: 31/12/2002 Updated: 05/09/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 up to and including 2.2.8 allows remote malicious users to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jelsoft vbulletin 2.2.2
jelsoft vbulletin 2.2.3
jelsoft vbulletin 2.2.4
jelsoft vbulletin 2.2.5
jelsoft vbulletin 2.0_rc3
jelsoft vbulletin 2.2.1
jelsoft vbulletin 2.2.6
jelsoft vbulletin 2.2.8
jelsoft vbulletin 2.0_rc2
jelsoft vbulletin 2.2.0
jelsoft vbulletin 2.2.7

source: wwwsecurityfocuscom/bid/5997/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website r ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html http://www.securityfocus.com/bid/5997 http://www.iss.net/security_center/static/10407.php https://nvd.nist.gov https://www.exploit-db.com/exploits/21946/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-1922

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect