Jump to content
Zatarra

[RST] XSS in vBulletin

Recommended Posts

vBulletin Security eBulletin

vBulletin 5 Connect, The World's Leading Community Software

May 2nd, 2014

* Security Issue

* Your License Information

* Contact Us

------ Security Issue ------

An exploit in vBulletin 5.x has been reported by the "Romanian Security Team". We have repaired the issue reported and are releasing patches for the following versions: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5 and 5.1.0

The issue is caused by improper handling of the Page object within vBulletin. This allowed some user supplied data to be elevated to the point where it cause problems. It also allowed javascript to be executed in certain situations.

You can find more details in the forum announcement : vBulletin 5 Connect Security Patch Released (All Versions). - vBulletin Community Forum

---------------- YOUR LICENSE INFORMATION ----------------

You can use this information to log into the customers area to download vBulletin, ImpEx and other vBulletin-related support materials:

Your Customer Email: darkzatarra@yahoo.com

Your Customer Number: ************

If you have misplaced your customer password, you can request that it be re-sent to your registered email address using the following form:

http://www.vbulletin.com/go/lostpw

The customers area is located here:

http://members.vbulletin.com/

-------------------- CONTACT US --------------------------

Please do not respond to this email directly. We will not receive your response. Please use the links below.

Got a vBulletin technical query? Contact support:

http://www.vbulletin.com/go/techsupport

For all other queries, please visit this page:

vBulletin Forum Customer Support

----------------------------------------------------------

Security bulletins and periodic email newsletters are delivered to all current vBulletin customers, and contain information about new software versions and vBulletin.com web site features and content. If you have any questions or comments about this mailing, please contact us via the links above. You can unsubscribe from newsletters in the customer area at the bottom of the page: http://members.vbulletin.com

This email was sent to: Adrian-Daniel Bacanu, darkzatarra@yahoo.com

Copyright ©2000-2014, vBulletin Solutions Inc

More info:

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4032169-vbulletin-5-connect-security-patch-released-all-versions

Felicitari baieti :)

Edited by Zatarra

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...