|
|
CVE Reference: CVE-2008-3773 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3773 |
|
|
Description: Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/44576 ST 1020727 SREASON http://securityreason.com/securityalert/4182 SAID Secunia Advisory: SA31552 MISC http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability CONFIRM http://www.vbulletin.com/forum/showthread.php?t=282133 BUGTRAQ http://marc.info/?l=bugtraq&m=121933258013788&w=2 BID 30777 |
|
| Return to the previous page. |
