CVE-2006-3253

Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer.

Published: Jun 28, 2006
Updated: Nov 8, 2023
CVE: CVE-2006-3253
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
jelsoft / vbulletin	3.5.2	3.5.2.x
jelsoft / vbulletin	3.5.0_beta_2	3.5.0_beta_2.x
jelsoft / vbulletin	3.5.1	3.5.1.x
jelsoft / vbulletin	3.5.0_rc3	3.5.0_rc3.x
jelsoft / vbulletin	3.5.0_rc2	3.5.0_rc2.x
jelsoft / vbulletin	3.5.0_beta_3	3.5.0_beta_3.x
jelsoft / vbulletin	3.5.3	3.5.3.x
jelsoft / vbulletin	3.5.0_beta_4	3.5.0_beta_4.x
jelsoft / vbulletin	3.5.0_beta_1	3.5.0_beta_1.x
jelsoft / vbulletin	3.5.0	3.5.0.x
jelsoft / vbulletin	3.5.0_rc1	3.5.0_rc1.x

Vulnerability Database

289,697

CVE-2006-3253