VYPR
Unrated severityNVD Advisory· Published Jan 4, 2006· Updated Jun 16, 2026

CVE-2006-0080

CVE-2006-0080

Description

Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.

Affected products

2
  • Jelsoft/Vbulletin2 versions
    cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:jelsoft:vbulletin:3.5.2:*:*:*:*:*:*:*
    • (no CPE)range: <=3.5.2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.