member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
Max CVSS
5.0
EPSS Score
0.34%
Published
2002-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
Max CVSS
4.3
EPSS Score
0.40%
Published
2002-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
Max CVSS
4.3
EPSS Score
0.39%
Published
2002-12-31
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
Max CVSS
4.3
EPSS Score
0.67%
Published
2002-12-31
Updated
2017-07-11
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
Max CVSS
7.5
EPSS Score
1.22%
Published
2002-12-31
Updated
2017-07-11
5 vulnerabilities found