CVE-2007-4453 Information
Description
LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php and the (2) q parameter to (a) faq.php (b) member.php (c) memberlist.php (d) calendar.php (e) search.php (f) forumdisplay.php (g) showgroups.php (h) online.php and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor stating \I can’t reproduce a single one of these. The researcher is known to be unreliable.
Reference
http://www.securityfocus.com/archive/1/476924/100/0/threaded http://www.securityfocus.com/archive/1/476940/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/36084
Share on: