VYPR
Unrated severityNVD Advisory· Published Apr 30, 2014· Updated Jun 17, 2026

CVE-2014-3135

CVE-2014-3135

Description

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore.

Affected products

2
  • Jelsoft/Vbulletin2 versions
    cpe:2.3:a:vbulletin:vbulletin:5.1.1:alpha9:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:vbulletin:vbulletin:5.1.1:alpha9:*:*:*:*:*:*
    • (no CPE)range: =5.1.1 Alpha 9

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.