Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Vbulletin
Filtered by product Vbulletin
Angry Yack Logo
Total 53 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25120 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
CVE-2020-25119 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
CVE-2020-25118 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
CVE-2020-25117 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
CVE-2020-25116 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
CVE-2020-25115 1 Vbulletin 1 Vbulletin 2024-11-21 3.5 LOW 4.8 MEDIUM
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
CVE-2020-12720 1 Vbulletin 1 Vbulletin 2024-11-21 7.5 HIGH 9.8 CRITICAL
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVE-2019-17271 1 Vbulletin 1 Vbulletin 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
CVE-2019-17132 1 Vbulletin 1 Vbulletin 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
vBulletin through 5.5.4 mishandles custom avatars.
CVE-2019-17131 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
vBulletin before 5.5.4 allows clickjacking.
CVE-2019-17130 1 Vbulletin 1 Vbulletin 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
CVE-2018-6200 1 Vbulletin 1 Vbulletin 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
CVE-2018-15493 1 Vbulletin 1 Vbulletin 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
vBulletin 5.4.3 has an Open Redirect.