Vulnerability Details : CVE-2004-0091
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2004-0091
- cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0091
0.69%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0091
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2004-0091
-
http://securitytracker.com/id?1008780
securitytracker.com
-
http://marc.info/?l=vuln-dev&m=107488880317647&w=2
'RE: vBulletin Security Vulnerability' - MARC
-
http://marc.info/?l=vuln-dev&m=107462499927040&w=2
'vBulletin Security Vulnerability' - MARC
-
http://marc.info/?l=bugtraq&m=107462349324945&w=2
'vBulletin Security Vulnerability' - MARC
-
http://marc.info/?l=vuln-dev&m=107478592401619&w=2
'Re: vBulletin Security Vulnerability' - MARC
Jump to