CVE-2006-0080

Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://kapda.ir/advisory-177.html	Exploit Vendor Advisory
http://www.securityfocus.com/bid/16116
http://secunia.com/advisories/18299
http://www.osvdb.org/22210
http://www.osvdb.org/22220
http://www.vupen.com/english/advisories/2006/0033
http://www.securityfocus.com/archive/1/421310/100/0/threaded
http://www.securityfocus.com/archive/1/420663/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*

Information

Published : 2006-01-03 22:03

Updated : 2018-10-19 08:42

NVD link : CVE-2006-0080

Mitre link : CVE-2006-0080

JSON object : View

CWE

NVD-CWE-Other

Products Affected

jelsoft

vbulletin

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://kapda.ir/advisory-177.html", "name": "http://kapda.ir/advisory-177.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/16116", "name": "16116", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18299", "name": "18299", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/22210", "name": "22210", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/22220", "name": "22220", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/0033", "name": "ADV-2006-0033", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/archive/1/421310/100/0/threaded", "name": "20060108 Html_Injection in vBulletin 3.5.2", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/420663/100/0/threaded", "name": "20060101 [KAPDA::#19] - Html Injection in vBulletin 3.5.2", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0080", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-01-04T06:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:42Z"}

4.3 /10