CVE

Id
27810  
CVE No.
CVE-2007-4453  
Status
Candidate  
Description
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can"t reproduce a single one of these". The researcher is known to be unreliable.  
Phase
Assigned (20070821)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
286704 27810 CVE-2007-4453 BUGTRAQ:20070817 Re: vBulletin V3.6.8 XSS Password Md5 Hash  View
286705 27810 CVE-2007-4453 URL:http://www.securityfocus.com/archive/1/archive/1/476940/100/0/threaded  View
286706 27810 CVE-2007-4453 BUGTRAQ:20070817 vBulletin V3.6.8 XSS Password Md5 Hash  View
286707 27810 CVE-2007-4453 URL:http://www.securityfocus.com/archive/1/archive/1/476924/100/0/threaded  View
286708 27810 CVE-2007-4453 XF:vbulletin-qs-xss(36084)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
53839 JVNDB-2007-002531 Asterisk Open Source の SIP チャネルドライバ (chan_sip) におけるサービス運用妨害 (DoS) の脆弱性 Asterisk Open Source、AsteriskNOW、Asterisk Appliance Developer Kit および s800i (Asterisk Appliance) の SIP チャネルドライバ (chan_sip) には、サービス運用妨害 (メモリ消耗) 状態となる脆弱性が存在します。 CVE-2007-4455 27810 5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002531.html  View