NVD

Id
3638  
Name
CVE-2008-3773  
Description
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-03  
Published
2008-08-22  
Modified Date
2009-01-29  
Seq
2008-3773  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
22975 3638 CVE-2008-3773 20080820 CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability  View
22976 3638 CVE-2008-3773 4182  View
22977 3638 CVE-2008-3773 http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability  View
22978 3638 CVE-2008-3773 30777  View
22979 3638 CVE-2008-3773 1020727  View
22980 3638 CVE-2008-3773 http://www.vbulletin.com/forum/showthread.php?t=282133  View
22981 3638 CVE-2008-3773 vbulletin-message-xss(44576)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50865 JVNDB-2008-006175 vBulletin におけるクロスサイトスクリプティングの脆弱性 vBulletin には、"新規プライベートメッセージの通知ポップアップ表示" が有効になっている際、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-3773 33886 CVE-2008-3773 3638 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006175.html 2008-08-18 2012-12-20 View