ID
VAR-201004-0512
TITLE
vBulletin Two-Step External Link Module Cross-Site Scripting Vulnerability
Trust: 0.6
DESCRIPTION
vBulletin is an open source PHP forum program. The URL parameter submitted to the externalredirect.php page is not correctly filtered back to the user in the Two-Step External Link module used by vBulletin. The remote attacker can request a cross-site scripting attack by submitting malicious parameters, resulting in the user's browser. Execute arbitrary HTML and script code in the session. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | vbulletin | model: | vbulletin | scope: | - | version: | - | Trust: 0.6 |
| vendor: | vbulletin | model: | two-step external link | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 39597 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-3506 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/39597 | Trust: 0.6 |
| url: | http://www.vbulletin.com | Trust: 0.3 |
| url: | /archive/1/510847 | Trust: 0.3 |
CREDITS
Edgard Chammas
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-3506 |
| db: | BID | id: | 39597 |
LAST UPDATE DATE
2022-05-17T01:51:50.429000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-3506 | date: | 2010-04-20T00:00:00 |
| db: | BID | id: | 39597 | date: | 2010-04-20T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-3506 | date: | 2010-04-20T00:00:00 |
| db: | BID | id: | 39597 | date: | 2010-04-20T00:00:00 |