Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026
CVE-2002-1678
CVE-2002-1678
Description
Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.
Affected products
8cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*
- (no CPE)range: 2.0 rc 2 - 2.2.4
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.