Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and previous versions, and 5.0.x up to and including 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vbulletin vbulletin 5.0.4 |
||
vbulletin vbulletin 5.0.3 |
||
vbulletin vbulletin |
||
vbulletin vbulletin 5.0.5 |
||
vbulletin vbulletin 5.0.0 |
||
vbulletin vbulletin 5.0.2 |
||
vbulletin vbulletin 5.0.1 |