Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-3773

Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).

  • Published: Aug 22, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-3773
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
vbulletin / vbulletin 3.6.10-pl3 3.6.10-pl3.x
vbulletin / vbulletin 3.7.2-pl1 3.7.2-pl1.x