Lucene search

[email protected]NVD:CVE-2005-3020

HistorySep 21, 2005 - 10:03 p.m.

CVE-2005-3020

2005-09-2122:03:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.011

Percentile

84.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.

Affected configurations

Nvd

Node

jelsoftvbulletinMatch1.0.1lite

jelsoftvbulletinMatch2.0.3

jelsoftvbulletinMatch2.0_rc2

jelsoftvbulletinMatch2.0_rc3

jelsoftvbulletinMatch2.2.0

jelsoftvbulletinMatch2.2.1

jelsoftvbulletinMatch2.2.2

jelsoftvbulletinMatch2.2.3

jelsoftvbulletinMatch2.2.4

jelsoftvbulletinMatch2.2.5

jelsoftvbulletinMatch2.2.6

jelsoftvbulletinMatch2.2.7

jelsoftvbulletinMatch2.2.8

jelsoftvbulletinMatch2.2.9

jelsoftvbulletinMatch2.3.0

jelsoftvbulletinMatch2.3.2

jelsoftvbulletinMatch2.3.3

jelsoftvbulletinMatch2.3.4

jelsoftvbulletinMatch3.0

jelsoftvbulletinMatch3.0.1

jelsoftvbulletinMatch3.0.2

jelsoftvbulletinMatch3.0.3

jelsoftvbulletinMatch3.0.4

jelsoftvbulletinMatch3.0.5

jelsoftvbulletinMatch3.0.6

jelsoftvbulletinMatch3.0.7

jelsoftvbulletinMatch3.0.8

jelsoftvbulletinMatch3.0.9

jelsoftvbulletinMatch3.0_beta_2

jelsoftvbulletinMatch3.0_beta_3

jelsoftvbulletinMatch3.0_beta_4

jelsoftvbulletinMatch3.0_beta_5

jelsoftvbulletinMatch3.0_beta_6

jelsoftvbulletinMatch3.0_beta_7

jelsoftvbulletinMatch3.0_gamma

VendorProductVersionCPE
jelsoftvbulletin1.0.1cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*
jelsoftvbulletin2.0.3cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*
jelsoftvbulletin2.0_rc2cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*
jelsoftvbulletin2.0_rc3cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*
jelsoftvbulletin2.2.0cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*
jelsoftvbulletin2.2.1cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*
jelsoftvbulletin2.2.2cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*
jelsoftvbulletin2.2.3cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*
jelsoftvbulletin2.2.4cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*
jelsoftvbulletin2.2.5cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jelsoft	vbulletin	1.0.1	cpe:2.3:a:jelsoft:vbulletin:1.0.1::lite:::::
jelsoft	vbulletin	2.0.3	cpe:2.3:a:jelsoft:vbulletin:2.0.3:::::::*
jelsoft	vbulletin	2.0_rc2	cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:::::::*
jelsoft	vbulletin	2.0_rc3	cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:::::::*
jelsoft	vbulletin	2.2.0	cpe:2.3:a:jelsoft:vbulletin:2.2.0:::::::*
jelsoft	vbulletin	2.2.1	cpe:2.3:a:jelsoft:vbulletin:2.2.1:::::::*
jelsoft	vbulletin	2.2.2	cpe:2.3:a:jelsoft:vbulletin:2.2.2:::::::*
jelsoft	vbulletin	2.2.3	cpe:2.3:a:jelsoft:vbulletin:2.2.3:::::::*
jelsoft	vbulletin	2.2.4	cpe:2.3:a:jelsoft:vbulletin:2.2.4:::::::*
jelsoft	vbulletin	2.2.5	cpe:2.3:a:jelsoft:vbulletin:2.2.5:::::::*

Rows per page:

1-10 of 351

References

marc.info/?l=bugtraq&m=112715150320677&w=2

morph3us.org/advisories/20050917-vbulletin-3.0.8.txt

secunia.com/advisories/16873/

www.securityfocus.com/bid/14874

exchange.xforce.ibmcloud.com/vulnerabilities/22324

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.011

Percentile

84.4%

JSON

Related for NVD:CVE-2005-3020

cvelist1 exploitdb6 cve1 nessus1