Vendor: vBExperience
By:
CVSS: 7.5 (HIGH)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: vBExperience
Affected Version From: vBulletin vBExperience 3.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:vbulletin:vbulletin_vbexperience:3.0
Metasploit:
Other Scripts:
Platforms Tested:

vBulletin vBExperience Cross-Site Scripting Vulnerability

The vBulletin vBExperience plugin is prone to a cross-site scripting vulnerability due to inadequate sanitization of user-supplied data. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious actions.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. Additionally, input validation and output encoding should be implemented to prevent the execution of malicious scripts.
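
The input validation and output encoding recommended above, applied to the `sortfield` and `sortorder` parameters of `xperience.php`, as an added example that is not vBExperience code. The helper names and the allowlist contents are assumptions; only the value `xr` appears on this page.

```php
<?php
// Added example, not vBExperience source. Allowlist values are assumptions;
// only "xr" appears on this page (as a sortfield value).
const SORT_FIELDS = ['xr'];            // extend with the columns the page really sorts on
const SORT_ORDERS = ['asc', 'desc'];   // assumed direction keywords

/** Return $value if it is in the allowlist, otherwise the default. */
function pick_allowed($value, array $allowed, string $default): string
{
    // Arrays (sortorder[]=x) and other non-strings fall back to the default.
    if (!is_string($value)) {
        return $default;
    }
    $value = strtolower(trim($value));
    return in_array($value, $allowed, true) ? $value : $default;
}

/** Encode for an HTML text node or a quoted attribute value. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a sort link from request parameters (hypothetical helper). */
function sort_link(array $query, string $label): string
{
    // Validate on input: anything outside the allowlist never reaches the page.
    $field = pick_allowed($query['sortfield'] ?? null, SORT_FIELDS, 'xr');
    $order = pick_allowed($query['sortorder'] ?? null, SORT_ORDERS, 'desc');
    $href  = 'xperience.php?' . http_build_query(['sortfield' => $field, 'sortorder' => $order]);
    // Encode on output: the URL and the label are both escaped for HTML.
    return '<a href="' . h($href) . '">' . h($label) . '</a>';
}

// Constructed inputs: a normal request, one carrying markup in sortorder,
// and one passing an array where a string is expected.
$samples = [
    ['sortfield' => 'xr', 'sortorder' => 'ASC'],
    ['sortfield' => 'xr', 'sortorder' => '"><b>not-allowed</b>'],
    ['sortfield' => ['xr'], 'sortorder' => 'desc'],
];
foreach ($samples as $q) {
    echo sort_link($q, 'Sort by <xr>'), PHP_EOL;
}
```

The allowlist removes the untrusted value from the response entirely, and the encoding step covers any other text that is later written into the same page.
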
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/48106/info

vBulletin vBExperience is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vBulletin vBExperience 3.0 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/xperience.php?sortfield=xr&sortorder="><script>alert(1);</script>