VYPR
Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026

CVE-2002-1678

CVE-2002-1678

Description

Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.

Affected products

8
  • Jelsoft/Vbulletin8 versions
    cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*
    • (no CPE)range: 2.0 rc 2 - 2.2.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2002-1678 · VYPR