CVE-2008-3773 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3773
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3773

Description: Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/44576 ST 1020727 SREASON http://securityreason.com/securityalert/4182 SAID Secunia Advisory: SA31552 MISC http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability CONFIRM http://www.vbulletin.com/forum/showthread.php?t=282133 BUGTRAQ http://marc.info/?l=bugtraq&m=121933258013788&w=2 BID 30777

Return to the previous page.