CVE Certified
GHDB

vBulletin version 3.0.1 newreply.php XSS

prev next

Google search: "Powered by: vBulletin * 3.0.1" inurl:newreply.php

Hits: 1554

Submited: 2004-07-02

vBulletin is a customizable forums package for web sites. It has been written in PHP and is complimented with MySQL. While a user is previewing the post, both newreply.php and newthread.php correctly sanitize the input in 'Preview', but not Edit-panel. Malicious code can be injected by an attacker through this flaw. More information at http://www.securityfocus.com/bid/10612/.