Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Vbulletin Subscribe
Total 51 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25118 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
CVE-2020-25117 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
CVE-2020-25116 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
CVE-2020-25115 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
CVE-2020-12720 1 Vbulletin 1 Vbulletin 2024-11-21 7.5 HIGH 9.8 CRITICAL
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVE-2019-17271 1 Vbulletin 1 Vbulletin 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
CVE-2019-17132 1 Vbulletin 1 Vbulletin 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
vBulletin through 5.5.4 mishandles custom avatars.
CVE-2019-17131 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
vBulletin before 5.5.4 allows clickjacking.
CVE-2019-17130 1 Vbulletin 1 Vbulletin 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
CVE-2018-6200 1 Vbulletin 1 Vbulletin 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
CVE-2018-15493 1 Vbulletin 1 Vbulletin 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
vBulletin 5.4.3 has an Open Redirect.