Filtered by vendor Jelsoft Subscriptions
Filtered by product Vbulletin Subscriptions
Total 55 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-2076 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2004-1824 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.
CVE-2004-1823 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
CVE-2004-1515 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
CVE-2004-0620 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.
CVE-2004-0091 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.
CVE-2004-0036 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
CVE-2003-1031 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
CVE-2003-0295 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
CVE-2002-2235 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
CVE-2002-1922 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
CVE-2002-1679 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
CVE-2002-1678 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
CVE-2002-1660 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
CVE-2001-0475 1 Jelsoft 1 Vbulletin 2024-11-20 N/A
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.