CVE-2005-3025

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.

Published: Sep 22, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3025
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
jelsoft / vbulletin	2.2.0	2.2.0.x
jelsoft / vbulletin	2.0_rc2	2.0_rc2.x
jelsoft / vbulletin	3.0.4	3.0.4.x
jelsoft / vbulletin	3.0_beta_6	3.0_beta_6.x
jelsoft / vbulletin	2.3.0	2.3.0.x
jelsoft / vbulletin	2.3.2	2.3.2.x
jelsoft / vbulletin	3.0.1	3.0.1.x
jelsoft / vbulletin	2.0_rc3	2.0_rc3.x
jelsoft / vbulletin	3.0.6	3.0.6.x
jelsoft / vbulletin	2.2.1	2.2.1.x
jelsoft / vbulletin	2.2.7	2.2.7.x
jelsoft / vbulletin	2.0.3	2.0.3.x
jelsoft / vbulletin	3.0_beta_7	3.0_beta_7.x
jelsoft / vbulletin	3.0_beta_3	3.0_beta_3.x
jelsoft / vbulletin	2.2.4	2.2.4.x
jelsoft / vbulletin	3.0_beta_2	3.0_beta_2.x
jelsoft / vbulletin	2.2.2	2.2.2.x
jelsoft / vbulletin	2.2.5	2.2.5.x
jelsoft / vbulletin	2.2.6	2.2.6.x
jelsoft / vbulletin	3.0.2	3.0.2.x
jelsoft / vbulletin	3.0_gamma	3.0_gamma.x
jelsoft / vbulletin	2.2.9	2.2.9.x
jelsoft / vbulletin	3.0.7	3.0.7.x
jelsoft / vbulletin	3.0_beta_4	3.0_beta_4.x
jelsoft / vbulletin	3.0.3	3.0.3.x
jelsoft / vbulletin	1.0.1	1.0.1.x
jelsoft / vbulletin	3.0.5	3.0.5.x
jelsoft / vbulletin	2.2.8	2.2.8.x
jelsoft / vbulletin	2.3.4	2.3.4.x
jelsoft / vbulletin	2.2.3	2.2.3.x
jelsoft / vbulletin	3.0	3.0.x
jelsoft / vbulletin	3.0_beta_5	3.0_beta_5.x
jelsoft / vbulletin	2.3.3	2.3.3.x

Vulnerability Database

289,697

CVE-2005-3025