XSS Vulnerability in vBulletin 5.6.3 Admin CP
CVE-2020-25124

4.8MEDIUM

Key Information:

Vendor: Vbulletin
Status: Vbulletin
Vendor: CVE Published:; 3 September 2020

What is CVE-2020-25124?

The Admin Control Panel (CP) in vBulletin version 5.6.3 contains a Cross-Site Scripting (XSS) vulnerability that can be exploited through manipulated URLs. Attackers can leverage the 'admincp/attachment.php&do=rebuild&type=' endpoint to inject malicious scripts, posing security risks to user data and site integrity.

References

https://pentest-vincent.blogspot.com/2020/09/vbulletin-56...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2020
Vulnerability Reserved
Sep 3, 2020

Vbulletin

What is CVE-2020-25124?

References

CVSS V3.1

Timeline