Filtered by vendor Vbulletin Subscriptions

Search

Switch to Advanced Search (Beta)
Total 51 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-25118 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
CVE-2020-25117 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
CVE-2020-25116 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
CVE-2020-25115 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
CVE-2020-12720 1 Vbulletin 1 Vbulletin 2024-11-21 9.8 Critical
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVE-2019-17271 1 Vbulletin 1 Vbulletin 2024-11-21 4.9 Medium
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
CVE-2019-17132 1 Vbulletin 1 Vbulletin 2024-11-21 9.8 Critical
vBulletin through 5.5.4 mishandles custom avatars.
CVE-2019-17131 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 Medium
vBulletin before 5.5.4 allows clickjacking.
CVE-2019-17130 1 Vbulletin 1 Vbulletin 2024-11-21 6.5 Medium
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
CVE-2018-6200 1 Vbulletin 1 Vbulletin 2024-11-21 N/A
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
CVE-2018-15493 1 Vbulletin 1 Vbulletin 2024-11-21 N/A
vBulletin 5.4.3 has an Open Redirect.