VBulletin XSS(2) Network Vulnerability

Summary

The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software seems to be prior or equal to version 2.2.9. These versions are vulnerable to a cross-site scripting issue, due to a failure of the application to properly sanitize user-supplied URI input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Solution

Upgrade to latest version

Severity

Classification

CVE CVE-2004-1824

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat source.jsp malformed request information disclosure
Apache Archiva Multiple Vulnerabilities
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness
Apache CouchDB Cross Site Request Forgery Vulnerability

vBulletin XSS(2)

Take action and discover your vulnerabilities